Valuendo 25 Things Not To Do (March 2009) Handout
25 tips & tricks
25 Examples
of what you should not do
March 2009
Mr. Marc Vael
Managing Director
Valuendo
© 2009 Valuendo. All rights reserved.
INFORMATION CLASSIFICATION = PUBLIC
Agenda
• Introduction
• Concept
• 25 Statements
• Conclusion
Marc Vael InfoSecurity 2009
Valuendo March 2009
Introduction
• Marc Vael
• Managing Director Valuendo (“value & do”) since July 2001
• Education
– Master Applied Economics (UAntwerp)
– Master Information Management (UHasselt)
– Master+ Applied Economics & ICT (KUL)
• Core Services
– Enterprise Risk Management
– IT Governance
– Information Security Management
– Data Privacy & Protection
– Business Continuity / Disaster Recovery
– Crisis Management
– IT Audit & Compliance
• Certifications in good standing
– CISA / CISM / CISSP / ITIL Service Manager
Concept
• First: Statement
• Second: Voting on your current experience
Test : The economic crisis has no impact on the way we handle security
• Fully Agree
• Do not agree
• Don’t know really
Lesson 1 : Security > Business needs
• Yes
• Not always
• No
Lesson 2 : It is the CISO who is driving security in our organisation
• Of course.
• No, the real driver is someone else
• I’m not sure
Lesson 3 : Security budget is easy to calculate and to defend/present
• Absolutely
• Difficult to calculate, but easy to defend / present
• Not really
Lesson 4 : The security vision is understood by everyone
• Yes and we even have checked this
• We hope so
• No
Lesson 5 : Everybody understands security terminology used
• Yes we know and we even have a glossary
• We hope so
• No
Lesson 6 : Security and risk management are two different professions
• Yes
• No
• Don’t know really
Lesson 7 : People recognize security incidents
• Yes and we even have tested this
• We hope so
• No
Lesson 8 : People know how to classify and secure their information
• Yes and we even have tested this
• We hope so
• No
Lesson 9 : Security audits are essential to determine what’s wrong
• Yes
• We hope so
• No
Lesson 10 : Security awareness posters are the most effective tool
• Yes and we even have checked this
• We hope so
• No
Lesson 11 : People remember all passwords & pin-codes
• Yes and we even have checked this
• We hope so
• No
Lesson 12 : People always select a strong password
• Yes and we even enforce this
• We hope so
• No
Lesson 13 : People lock their PC information via screen saver
• Yes and we even have checked this
• We hope so
• No
Lesson 14 : People respect clean desk policy
• Yes and we even have checked this
• We hope so
• No
Lesson 15 : People always use the security tools we give them
• Yes and we even have checked this
• We hope so
• No
Lesson 16 : IT people set a good example by respecting security rules
• Yes and we even have checked this
• We hope so
• No
Lesson 17 : People only use official authorized software
• Yes and we even have tested this
• We hope so
• No
Lesson 18 : Only naughty people get naughty spam mails
• Yes
• No
• Don’t know really
Lesson 19 : Only dumb people fall for phishing scams / mails
• Yes
• No
• Don’t know really
Lesson 20 : People mention their backups in their OOO when unavailable
• Yes
• No
• Don’t know really
Lesson 21 : People suggest alternative communication channels when unavailable
• Yes
• No
• Don’t know really
Lesson 22 : People know & respect security rules when at other companies
• Yes
• No
• Don’t know really
Lesson 23 : People need full internet access for professional reasons
• Yes
• No
• Don’t know really
Lesson 24 : People know how to secure their wired & wireless network access
• Yes
• No
• Don’t know really
Lesson 25 : Security is still better on paper than on digital format
• Yes
• No
• Don’t know really
Conclusion
Contact information
Mr. Marc Vael, CISA, CISM, CISSP, ITIL
Managing Director
Valuendo
Kriebrugstraat 33
1760 Roosdaal
Belgium
T: +32 5 433 61 93
M: +32 473 99 30 31
M: mvael@valuendo.com
W: www.valuendo.com