© IT Governance Ltd 2018
Presenter: Stefanie Retfalvi, Learning Design & Solutions Consultant, IT Governance
Staff Awareness:
Developing a Security Culture
Agenda
Staff Awareness: Creating a Security Culture
Cyber Security Awareness Programme
Q&A
About IT Governance & Introduction
About IT Governance
Introduction
• Stefanie Ildiko RETFALVI
• Learning Design & Solutions Consultant
• International cross-sector experience
Why Staff Awareness matters
ISO 27001, Clause 7 (Support)
Persons doing work under the organization’s control shall be aware of:
a) the information security policy;
b) their contribution to the effectiveness of the information security management system, including the benefits of improved information security performance; and
c) the implications of not conforming with the information security management system requirements.
GDPR Article 39(1)(b)
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
Why it matters
ICO publication: “Preparing for the General Data Protection Regulation (GDPR) - 12 steps to take now.”
More than just Compliance
• Learner fatigue.
• Stronger defence against threats / lower risk thanks to increased awareness.
• Best ROI due to risk matrix and prioritisation.
• Credibility and trust.
• Empowering employees to make informed decisions (size of security function = as large as the organisation).
• The consequences of non-compliance.
Assessing your Culture
Setting off on your Journey to a Culture of Security Awareness
‘Are we there yet?’
Identifying Problems
Identifying common drivers for resistance or gaps in understanding is the first step to gaining organisation-wide buy-in.
Common Challenges
Security & Mindset
• Viewed as hindering productivity
• Perceived as dry and/or overwhelming
• Other misconceptions
Quality & Compliance
Learning & Development & Internal Communications
Generating a Culture Shift
Security affects Everyone
• C-suite, senior management buy-in (leading by example)
• DPOs, CISOs, CIOs
• Business process owners
• HR, Change Management, Internal Comms
• Organisation-wide buy-in
Planning Change
• Understand your audience(s)
• Align your strategy and your culture
• Make use of proven engagement techniques
• Be opportunistic
Implementing a Security Awareness Programme
It is important to offer a modern mix of different security-focused learning and communications tools to address individuals’ diverse needs and preferences.
Gaining organisation-wide Buy-in
To attain the highest levels of employee engagement, it is important to generate personal investment and motivation for adopting best practice.
Example
Delivering Knowledge
For optimal knowledge retention, information needs to be clear, accessible and easy to digest.
Example
Encouraging Knowledge Transfer to the Workplace
It is not enough to know what best practice involves. Employees need to apply their obtained knowledge in their everyday activities.
Sample Solution
These should:
• Be meaningful, encouraging deep reflection and the transfer of acquired knowledge to the workplace;
• Make learners active participants, by challenging them to recall key information in relevant contexts; and
• Prompt participants to identify risks and apply best practice in situations that could arise in real life on the job.
Example
Monitoring Progress & Measuring Success
Evaluation
Continual monitoring of progress will ensure that everyone has achieved the required level of knowledge, understanding and engagement.
Example
Continuous Reinforcement
Once the programme is finished, it is important to ensure that security remains at the forefront of individuals’ minds.
Useful References
• IT Governance: www.itgovernance.co.uk/blog#
• CIPD website: www.cipd.co.uk/
• WFPMA website: www.wfpma.com/
• PWC: www.pwc.com/gx/en/services/audit-assurance/risk-assurance/game-changers/culture-behaviours.html
• HP Enterprise: www.riscs.org.uk/wp-content/uploads/2015/12/Awareness-is-Only-the-First-Step.pdf
Conclusion & Your Turn! Q&A
Conclusion
Stay in touch!
Call us: +44 (0)333 800 7000
Email us: servicecentre@itgovernance.co.uk
Visit our website: www.itgovernance.co.uk
Like us on Facebook: /ITGovernanceLtd
Follow us on Twitter: /itgovernance
Join us on LinkedIn: /company/it-governance
Read our blog: www.itgovernance.co.uk/blog
Your Turn!
Queries? Understanding? Clarification?