Security Awareness Program
David Wigton
Walden University
Dr. Constance Blanson
June 5, 2016
Outline
• Welcome
• Introduction to Security Awareness Program
• Password Usage and Management
• Virus Protection
• E-mail
• Internet Usage
• Shoulder Surfing
• Social Engineering
• Access Control
• Personal Devices
• Summary
• References
Welcome To Security Awareness Training
• Why are we here?
  • We are here because security awareness is becoming a bigger issue with every day that passes.
• What will we be discussing? In a few words, we will be discussing how to be more security minded.
• A little about myself
  • I have been in the IT field for 15+ years and am now a security analyst and trainer.
Introduction to Security Awareness Program
• “Security awareness training is a formal process for educating employees about computer security” (Rouse, 2016).
• A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).
• Employees should receive information about who to contact if they discover a security threat, and should be taught to treat data as a valuable corporate asset.
• Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.
• Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.
Password Usage and Management
• Passwords must be at least 8 characters long.
• Passwords must include at least one capital letter, one lowercase letter, one number and one special character (for example *%$#^&@!).
• Passwords may not be dictionary words or names.
• Passwords expire after 150 days. You will be given notice before they expire.
• Previous passwords cannot be reused.
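The rules on this slide can be enforced mechanically. The following is an added example written for this page, not code from the deck or its author: it turns each rule into a check that an account-provisioning script or help-desk tool could run. The word list, the name list, the 14-day notice window and the sample passwords are constructed for illustration; the slide does not specify them. Password history is stored as salted PBKDF2 hashes rather than the old passwords themselves, which is an assumption about how a sensible system would implement the "cannot be repeated" rule.

```python
"""Checks for the password rules on the slide above (added example; not part of the deck).

Rules covered: minimum 8 characters; at least one capital letter, one lowercase
letter, one number and one special character; no dictionary words or names;
expiry after 150 days with advance notice; no reuse of previous passwords.
The word list, the name list and the 14-day notice window are assumptions made
for illustration; the slide does not specify them.
"""
import hashlib
import hmac
import os
import string
from datetime import date

MIN_LENGTH = 8
MAX_AGE_DAYS = 150
NOTICE_DAYS = 14                                # assumption: warn two weeks before expiry
SPECIAL_CHARACTERS = set(string.punctuation)    # covers the slide's *%$#^&@! and more
PBKDF2_ITERATIONS = 200_000

# Constructed sample lists; a real deployment would load full word and name lists.
DICTIONARY_WORDS = {"password", "welcome", "summer", "letmein"}
NAMES = {"david", "constance", "walden"}


def complexity_violations(password: str) -> list:
    """Return the rules the password breaks; an empty list means it complies."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL_CHARACTERS for c in password):
        problems.append("no special character")
    # Compare only the letters, so "Summer2016!" is still recognised as "summer".
    letters = "".join(c for c in password if c.isalpha()).lower()
    if any(word in letters for word in DICTIONARY_WORDS):
        problems.append("dictionary word")
    if any(name in letters for name in NAMES):
        problems.append("name")
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-SHA256 hash. Store (salt, digest), never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def is_reused(password: str, history: list) -> bool:
    """True if the candidate matches any (salt, digest) pair in the user's history."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)


def expiry_status(last_changed, today) -> str:
    """'ok', 'expiring soon' (inside the notice window) or 'expired'.

    Dates may be passed as date objects or as ISO strings such as "2016-06-05".
    """
    if isinstance(last_changed, str):
        last_changed = date.fromisoformat(last_changed)
    if isinstance(today, str):
        today = date.fromisoformat(today)
    age_days = (today - last_changed).days
    if age_days >= MAX_AGE_DAYS:
        return "expired"
    if age_days >= MAX_AGE_DAYS - NOTICE_DAYS:
        return "expiring soon"
    return "ok"


def evaluate_new_password(candidate: str, history: list) -> list:
    """All reasons a proposed new password must be rejected (empty list = accept)."""
    problems = complexity_violations(candidate)
    if is_reused(candidate, history):
        problems.append("previously used")
    return problems


if __name__ == "__main__":
    previous = [hash_password("OldPass1!")]        # constructed history entry
    for candidate in ["summer", "Welcome2Summer!", "OldPass1!", "Tr0ub4dor&3"]:
        print(f"{candidate!r}: {evaluate_new_password(candidate, previous) or 'accepted'}")
    print(expiry_status("2016-01-01", "2016-06-05"))   # the date of this deck
```

The letters-only comparison is what makes "Summer2016!" fail the dictionary rule even though it satisfies every character-class rule; checking the raw string would miss it. Note that the 8-character minimum and the 150-day forced rotation are this deck's policy from 2016; current NIST guidance (SP 800-63B) discourages routine periodic expiry in favour of screening against known-compromised passwords and forcing a change when compromise is suspected.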
Virus Protection
• The IT department will scan all computers and servers on Wednesday nights.
• Antivirus software must stay installed on all computers.
• Antivirus software will scan e-mail.
E-mail
• DO NOT OPEN suspicious e-mails.
• If you have doubts about opening an attachment, delete the message immediately and then empty your deleted messages folder.
• Contact IT with any questions.
• Careless e-mail handling leads to attacks such as shoulder surfing and social engineering.
What is Shoulder Surfing?
• According to Searchsecurity.techtarget.com, “Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand” (searchsecurity.techtarget.com, 2016).
• Shoulder surfing: we have all done this more than once in our lives. People tend to stand over you when you enter your password or other data.
What is Shoulder Surfing?
• Techopedia explains shoulder surfing as: “Because of our data and identity driven society, personal security keys, like username and password combinations, are critical personal and private data safeguards. Unfortunately, technical savvy is not always required for hackers to gain information. The most commonly stolen data through shoulder surfing includes credit card numbers, personal identification numbers (PIN), important personal information (like middle name and birth date used in password recovery) and usernames/passwords. This type of information may be used to login to accounts and steal other information, such as money, in the case of bank accounts” (www.techopedia.com, 2016).
What is Social Engineering?
• “Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures” (Rouse, 2016).
• It depends on you being helpful with information. Do not share information with those who do not need to know it.
Popular types of social engineering attacks include:
• Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
• Phishing: Phishing is when a malicious party sends a fraudulent e-mail disguised as a legitimate e-mail, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
• Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
• Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
• Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.
Internet Usage
• For work use only.
• The IT department will be monitoring usage.
• NO social media sites allowed.
• Personal use is permitted during lunch only.
• No music or video streaming will be allowed.
Access Control
• All employees will be given an access card to enter the facilities.
  • Always check in at the security sites.
  • Your card must be with you at all times.
  • Some areas will also require a passcode.
  • Report a stolen or missing card immediately.
• Access to data will be determined by your job function.
Personal Devices
• Cell phones
• Laptops
• Tablets
  • None of these will be allowed to connect to the Wi-Fi.
  • Use is prohibited except on breaks or at lunch.
  • You must get permission from management before company e-mail is set up on a device.
Summary
• What is a SAP? A Security Awareness Program.
• Why is it necessary? To keep all employees informed about security.
• When will we receive training? At least once a year.
• Where will the training be held? In the Front Conference Room.
• Remember: if you have a bad feeling about something, listen to that feeling and seek assistance from IT.
References
• Searchsecurity.techtarget.com. (2016). Shoulder Surfing. Retrieved from http://searchsecurity.techtarget.com/definition/shoulder-surfing
• www.techopedia.com. (2016). Shoulder Surfing. Retrieved from https://www.techopedia.com/definition/4103/shoulder-surfing
• Rouse, M. (2016). Social Engineering. Retrieved from http://searchsecurity.techtarget.com/definition/social-engineering
• Rouse, M. (2016). Security Awareness Training. Retrieved from http://searchsecurity.techtarget.com/definition/security-