Tips to Manage Information Security with Training


Feb 23, 2016



commlabindia

Handy tips on using training to ensure data security and information security within the organization. PowerPoint PPT presentation.
Transcript

Tips to Manage Information Security with Training

Welcome to the presentation on Tips to Manage Information Security with Training.

DID YOU KNOW?

93% of organizations in the UK faced a security breach in 2012
Estimated losses: 450K to 850K

Source: Information Security Breaches Survey (2013)

Did you know that about 93% of large organizations surveyed in the UK experienced a security breach in 2012, causing them to lose anywhere between 450 thousand and 850 thousand pounds?

85% of organizations in the US were victims of security breaches in 2012
Estimated losses: $1.4 to $46 million

Source: Ponemon Institute Research Report

Statistics from other parts of the world are no different. 85% of large companies and federal agencies in the US have been victims of security breaches. Companies in the US lose anywhere from $1.6 to $46 million per year due to cybercrime and data breaches.

How Does Security Breach Happen?

How do the security breaches that are causing such huge losses to organizations happen?

How Does Security Breach Happen?
- Viruses, malware, trojans, etc.
- Intentional or unintentional breaches by employees
- Loss of mobile devices containing data
- SQL injection
- Phishing
- Cyber terrorism or espionage
- Social engineering

Typical threats to information security come in the form of viruses, malware, trojans and the like. Employee practices can result in serious compromise of data security. Laptops, smartphones and other mobile devices containing sensitive data can be stolen. SQL injection, phishing, cyber terrorism or espionage, and social engineering are other forms that have come to light in recent times.

Billions are spent on internet security technology by organizations
- The human element is generally overlooked.

Billions are spent on internet security technology by organizations, but not much thought is given to the human element.

75% of security breaches are inside jobs

In most cases, it is NOT the technology that is to blame. It is said that 75% of security breaches are committed by employees within the organization, either knowingly or unknowingly.

39% of data breaches are due to employee negligence
(Source: Ponemon Institute Research Report)

39% of data breaches happen simply because of negligence by employees or lack of awareness.

What can organizations do to avert this adversity?

Organizations cannot afford to incur huge losses due to information breaches and cyber-attacks. What can organizations do to avert this adversity?

Information Security Training Program

They need to take all measures possible to check the situation. One of the key measures is Information Security Awareness Training. Let's look at some key aspects to keep in mind with respect to IT security training.

Reduces information security loss by 75%
- Data loss

Research has proved that companies that have taken the initiative to conduct an IT security awareness program within their organization have reported a 75% decrease in data loss through insider attacks.

Safeguards employee interests as well as organizational interests

Employees need to be educated that security breaches harm them as much as their organization. Training helps employees understand that following security precautions is in their own interest as much as in the organization's.

Ensures regular positive reinforcement of the need for IT security

It is only through regular and persistent training efforts that organizations can bring about behavior change in employees. Training ensures positive reinforcement of the need for IT security.

Elicits commitment to information security from employees

Information security is not the responsibility of just the information security managers. Training ensures each and every employee is committed to it.

Key topics to be covered during training

Now that we know the importance of conducting IT security awareness training, let's look at the key topics that can be covered during training.

This list can be customized based on your individual situation. Let's briefly review each one of them.

Key topics to be covered during training
- Physical security
- Desktop security
- Password security
- Wireless network security
- Phishing
- File sharing and copyright
- Steps to be taken in case of a threat

Physical security

Physical security involves routine practices such as locking doors, desks, file cabinets and drawers, and ensuring that sensitive data is never left unattended.

Desktop security

Desktop security involves simple practices such as having a desktop password and locking the computer when away from the workstation. It also covers the importance of adhering to organizational practices such as taking daily or weekly back-ups, depending on the company's policy.

Password security

Though seemingly mundane, password security training is essential to ensure employees set up strong, secure passwords or passphrases that are difficult to crack.

Wireless network security

Wireless network security training addresses the insecure nature of wireless networks and enables employees to exercise caution and protect their laptops against the dangers of sniffing.

Phishing

Employees need to be sensitized to the dangers of clicking on links provided in an e-mail or submitting bank details via e-mail, as these practices could make them vulnerable to phishing.

File sharing and copyright

You need to inform your employees about the organization's policy on file sharing and copyright violations. An employee could send sensitive data to a home computer, or allow others to use his or her laptop to surf the internet. Security precautions to be taken in such instances are very valuable.

Steps to be taken in case of a threat

Another important thing employees need to know is how to identify a threat and report it to the concerned authority for action. Timely action can save the organization huge amounts of money.

Modes of Training

What methods can one adopt to ensure effective information security awareness?

You need to adopt multiple methods of training for the information to stick and for the training to be effective. Let's look at the different training methods that can be adopted.

Modes of Training
- Web-based training
- Classroom training & workshops
- Online resources on security policies
- Articles/posters/booklets/flyers
- Pop-up reminders on network/LMS

Web-based training

Web-based training is perhaps the most feasible and easy method these days if you want to hold trainings at regular frequency. It could be in the form of eLearning modules, short videos, webinars, etc.

Classroom training & workshops

Classroom training and workshops are another method, which can be conducted once a year as an organizational exercise. This should be reinforced through other forms, as a once-a-year classroom training alone would just not be effective.

Online resources on security policies

It is good practice to have online resources on security policies and best practices for easy reference when an employee has a doubt. Key topics pertaining to passwords and security measures can be made available for easy access in the form of PDF documents, short eLearning modules, stories or videos.

Articles/posters/booklets/flyers
(Source: nie.edu.sg)

It is always better to have information in multiple formats so that it caters to employees with varied preferences.

Pop-up reminders on network/LMS

Useful hints can be pushed to employees' screens in the form of pop-up reminders when they log in to the network or LMS. Tips and reminders such as "Never write your password anywhere, such as on post-it notes" or "Did you run a virus scan lately?" always help employees remain vigilant.

Tips for IT Security training program

Here are some tips that you can keep in mind when planning an IT security training program.

Tip 1: Identification of threats

Employees need to understand and identify the practices that might constitute a data threat.

Tip 2: Ease of comprehension

Make the content simple and easy to understand for employees at all levels.

Tip 3: Anecdotes, real instances and case studies

It is always effective to use anecdotes, stories and real-life case studies to impress upon employees the impact of any careless action.

Tip 4: Management buy-in

Get someone from senior management to address the issue with employees. It underlines the seriousness of the situation to management as well as to employees.

Tip 5: Collective responsibility

Reaffirm the fact that information security is the collective responsibility of everyone in the organization.

Conclusion

Lack of information and employee awareness is a major threat to information security. A well-thought-out training program is the key to ensuring that your organization's data is protected and secure at all times.

To read articles on similar topics, please visit blog.commlabindia.com