Information security (un)awareness by Marc Vael
Transcript of Information security (un)awareness by Marc Vael
Marc Vael CONFENIS
ISACA September 2012
Information Security (Un)Awareness
Marc Vael International Vice-President
Information Security
(un)awareness
“My management just does not “get” information security!”
Anonymous CISO of a large financial institution
“I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.”
Anonymous manager working in an insurance company

“Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.”
Anonymous CISO of a multinational service organisation
“Sure, I support information security, but my people need to work and make money.”
Anonymous CEO of a retailer

“Our information security department keeps getting more tools, but I do not think we are any more secure.”
Anonymous CRO of a large financial institution
“Security policy is one thing. Reality is another.”
Anonymous COO from a consulting company

“All that information security people do is say “No!”. They should learn how we really work.”
Angry manager of a governmental agency
Cyberwarfare is "the fifth domain of warfare"
Impact of an attack on the business
People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.
Kevin Mitnick, ex hacker, IT security consultant.
Business Model for Information Security
Managing risks appropriately
Risk always exists! (whether or not it is detected / recognised by the organisation).
EDUCATION!
Corporate governance: ERM = COSO
Support from Board of Directors & Executive Management
Policies & Standards
Project Management
Providing proper funding
Providing proper resources
Measuring performance
Review / Audit
Your security solution is as strong … as its weakest link
www.isaca.org/knowledgecenter
www.isaca.org/cobit
Marc Vael
International Vice-President
Chairman of the Knowledge Board
ISACA
http://www.isaca.org/
For more information…
http://www.linkedin.com/in/marcvael
@marcvael