PINAR AKKAYA - The Human Dimension

•

0 likes•830 views

Pinar AKKAYA

Human Aspect of Information Security > Presentation done on 12 October, 2011 E-Crime Event, Istanbul

Technology

> The Human
dimension
human aspect of information security

bad information security
means

bad company security

lost credibility

we must be sure that
we protect our data, our
commercial secrets, our assets
and our business transactions

YOU DO EVERYTHING TO
MAKE THIS HAPPEN
FOR SURE

but…

EMPLOYEES WORK WITH COMPANY DATA,
COMPANY SYSTEMS, THEY ARE IN TOUCH WITH
CLIENTS, SERVICES AND PRODUCTS.

THEY NEED TO UNDERSTAND THE BASIC
PRINCIPLES OF INFORMATION SECURITY.

Fact:
HUMAN ERROR IS THE
CAUSE OF 42% OF ALL
SECURITY BREACHES

ISC2 White Paper : Securing the Organizations: Creating A
Partnership Between HR and Information Security

Information security is one of
the biggest challenges a business faces today.

55% of 50% of

companies used respondents think that
their employees had
over 7 different little or even no
vendors to keep awareness of data
their network protection issues or
secure. corporate security policy.

Ref: Checkpoint Technologies&The Ponemon Institute Survey 2011 >>
2,400 IT security staff across the world

Do you know what these are?

123456

Password

iloveu

I mean…
The gap between you
guys
And your average
employee
is

HUGE

Paper, pen, letter
typewriter
computer
internet, e-mail
Web 2.0, social media
Virtual communities

People move…
Both in real and virtual world…
And they create risk!
With or without knowing it

A picture…
87,5% of large businesses have a security policy in place.

67% of the companies that give a high priority to security also had a security policy.

A big majority of companies take steps to raise awareness among employees.

More than 50% allow staff to access their systems remotely.

The proportion of businesses restricting internet access dropped by 50%.

Now only fewer than 10% gave no access to the internet.

Employees are increasingly being targeted by "social engineering" attacks.

Businesses are becoming more concerned about what was being said about them on
social networking sites.

More than 80% of large companies blocked access to inappropriate websites.

86% logged and monitored staff access to the internet.

Research by PWC UK , 2010

more exposure,
more action,
more knowhow sharing,
more interaction

The Return is big but
the Risk is big too

your employees
can fast become
the weakest link
in your information
security

changing employee behaviour
is the key
to improving information security.

Offer them a clear framework

EMAIL SECURITY
INTERNET SECURITY
DATA SECURITY
ASSETS SECURITY

Customize the access
according to the skills and
needs of the employees

customize the risk

But standardize your
policies

The worst way to
communicate a policy is
Publishing it

Educate, educate, educate:

have your employees build
the “awareness” muscle

Give people good habits

Create an awareness
culture:
let it be a dialogue

Make it simple,

make it fun,

make it participative

Prohibiting
Limiting
Banning
is not your key to success

trust

Hr & it partnership*

Does hr talk about these?

I am afraid not…

Legal base remains unclear too…

You have to be security
and policy mentor

Your employees have to be
security and policy literate

Your company has to be
security and policy fluent

get connected
E-mail:
pinar.akkaya.pa@gmail.com

LinkedIn:
http://tr.linkedin.com/in/pinarakkaya

Twitter: http://twitter.com/PINARAKKAYA
http://twitter.com/lifesocialmedia

http://tr.linkedin.com/groups/hrleadersturkey

What's hot

1. Augmenting Work with AI and Driving Adoption of Collaboration

Alan Hamilton

Cyber liability and cyber security

Helen Carpenter

Managing Cyber Risk: Are Companies Safeguarding Their Assets?

EMC

Allow is the New Block

Sean Dickson

Edelman Privacy Risk Index 2012

Edelman.ergo GmbH

Reaching the position of CEO inside a company is definitely one of the highest goals that a person can achieve, however the responsibilities that come together with this position are even higher. Generally speaking, a CEO should have work experience and general knowledge. In addition, a CEO should be a good communicator, be eager to develop and present a vision and a strategy for the company, motivate others, garner respect and have knowledge about entire management processes inside the company. However, no one can have a professional knowledge and be a master of everything; this is the reason why a CEO should be regularly informed over the company’s issues. The data of negotiated contracts, marketing plan decisions, new employees’ CVs, customers’ information, ideas, etc. All these information a CEO can receive on a daily bases. The value of these received data goes beyond the written words, especially nowadays when the breaches toward these data are constantly evolving together with its cost. The Ponemon Institute published the results of data breach for 2014. According to this institute, the average total cost of a data breach in 2014 was $3.5 million, 15 percent higher as compared to the previous year, and it is rising to $5.85 million for an organization in the United States.

Cybersecurity Actions for CEOs

PECB

In today’s environment, the need for organizations to enable secure remote access to corporate networks, enhance their online services, and open new opportunities for e-commerce is bringing ever-growing attention to the importance of securing user access and validating identities. In addition, the recent barrage of identity theft and corporate fraud cases has brought corporate responsibility and the protection of sensitive data to the spotlight. Consumer demands and compliance pressures bring organizations and institutions to search for new ways to strengthen their internal controls, authentication methods, and identity management practices. The message is clear – action is needed to stay ahead in the fast changing, security-conscious market.

Strong Authentication: Securing Identities and Enabling Business

SafeNet

True Drivers of MDM webinar

Kalido

Cloud security and cloud adoption public

John Mathon

Nexus It Group Resume Writing

tlinde

What people Analytics can't capture

FaisalAhmed312

All clear id_whitepaper__not_all_breaches_are_created_equal

Nicholas Cramer

Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...

Jason Hong

Perception Gaps in Cyber Resilience: What Are Your Blind Spots?

Sarah Nirschl

Get Employees Invested In CyberSecurity

Scott Maurice

Business Objects Security

Sebastien Goiffon

When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...

GFI Software

Security Analytics for Certified Fraud Examiners

The Lorenzi Group

What's hot (18)

1. Augmenting Work with AI and Driving Adoption of Collaboration

Cyber liability and cyber security

Managing Cyber Risk: Are Companies Safeguarding Their Assets?

Allow is the New Block

Edelman Privacy Risk Index 2012

Cybersecurity Actions for CEOs

Strong Authentication: Securing Identities and Enabling Business

True Drivers of MDM webinar

Cloud security and cloud adoption public

Nexus It Group Resume Writing

What people Analytics can't capture

All clear id_whitepaper__not_all_breaches_are_created_equal

Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...

Perception Gaps in Cyber Resilience: What Are Your Blind Spots?

Get Employees Invested In CyberSecurity

Business Objects Security

When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...

Security Analytics for Certified Fraud Examiners

Similar to PINAR AKKAYA - The Human Dimension

Three tools to reduce employee apathy

Stephen P. Abbey

Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...

Accenture Insurance

Rogers eBook Security

Rogers Communications

BBA 3551, Information Systems Management 1 Course Learning Outcomes for Unit VIII Upon completion of this unit, students should be able to: 3. Examine the importance of mobile systems and securing information and knowledge. Reading Assignment Chapter 12: Information Security Management Unit Lesson In the last unit, we discussed outsourcing, the functions and organization of the IS department, and user rights and responsibilities. In this final unit, we will focus on security threats to information systems. PRIDE and System Security PRIDE processes privacy settings on the server and returns a code that indicates which of the four privacy levels defined for PRIDE govern a particular individual with a particular report/data requestor. By processing settings on the server, those settings are not exposed to the Internet. The return code is, however, and the operational system should probably use https for both the code and to return the report. This was not done in the prototype, though. The relationship between patients and PRIDE participants is N:M. One patient has potentially many organizations, and an organization has potentially many patients. What this means is that a patient has a relationship, potentially, to many participants of a given type: many doctors, many health clubs, many insurance companies, and even many employers. In addition, a patient has a relationship to, potentially, many types of participants. Given the N:M relationships, a natural place to put privacy settings is in the intersection table. That table serves, intuitively, as an opacity filter between a given patient and a given doctor (or other person/organization). The tension in the dialog between Maggie and Ajit at the beginning of Chapter 12 regarding what terminology to use with Dr. Flores is intended to set up a discussion from both perspectives. It is a common problem for techies when talking with business professionals: How much technical language should I use? It is important to use enough to demonstrate competency, but not so much as to drown the businessperson in terminology. Using the Ethics Guide: Securing Privacy In this chapter, we discuss three categories of criteria for evaluating business actions and employee behaviors:  legal  ethical (categorical imperative or utilitarianism)  good business practice UNIT VIII STUDY GUIDE Information Security Management BBA 3551, Information Systems Management 2 We can clearly see the differences in these criteria with regard to data security. A doctor’s office that does not create systems to comply with HIPAA is violating the law. An e-commerce business that collects customer data and sells it to spammers is behaving unethically (by either ethical perspective). An e-commerce business that is lackadaisical about securing its customers data is engaging in poor business practices. Even still, business professionals today need t ...

BBA 3551, Information Systems Management 1 Course Lea.docx

aryan532920

Decoding Organizational DNA

accenture

Decoding Organizational DNA

accenture

Windstream Cloud Security Checklist

Ideba

5 Questions Executives Should Be Asking Their Security Teams

Arun Chinnaraju MBA, PMP, CSM, CSPO, SA

Organizational Security: When People are Involved

Social Media Performance Group

Microsoft DATA Protection To Put secure.

jayceewong1

The Trust Paradox: Access Management and Trust in an Insecure Age

EMC

What Small Business Can Do To Protect Themselves Now in Cybersecurity

Reading Works Detroit

1. Reply to Discussion ( Minimum 200 Words) 1. What types of ethical issues and information security issues are common in organizations? Ethical issues that companies are faced with is ensuring the proper use of the employee, user, and technological data that the company has in their possession. Some organizations have been known in the past to sell the data that the users provide them. This could be an ethical issue by selling the data that is trusted to the organization this falls under the ethical issue of confidentiality. Privacy is the issue of ensuring that the data is secured against attacks and hacker trying to obtain the data. Security issues include the organization developing policies and procedures that ensure the proper use and protection of the data the company has. To develop the policies and procedures a company can have their team look at the OWASP top ten on the OWASP website. (OWASP, 2017) This shows the top rated security issues that the company can employ to ensure the security of their data. 2. How can a company participating in e-business keep its information secure? A company can ensure that they are ad-hearing the OWASP TOP ten along with making sure that the work stations and servers are up to date with all current patches and anti-virus software. 3. In regards to the organization or company you have chosen to analyze this semester, what types of ethics and information security concerns are there in your organization? What recommendations would you make to the company to better secure their information? When it comes to recruiting service the data that we need to protect is extremely important we take care of a significant portion of the PII data. Ethical issues that come to though are how the government uses the data which could be used for personal gain or malicious purposes when it comes to the applicant. I think that giving the applicant the power to put their own information into a secure web site and then be allowed to transmit their own information for security clearance would allow the applicant and the air force to take the human element middle man out of the equation and can help mitigate the ethical issues that the organization is faced with. 1. What types of ethical issues and information security issues are common in organizations? Ethical issues that companies are faced with is ensuring the proper use of the employee, user, and technological data that the company has in their possession. Some organizations have been known in the past to sell the data that the users provide them. This could be an ethical issue by selling the data that is trusted to the organization this falls under the ethical issue of confidentiality. Privacy is the issue of ensuring that the data is secured against attacks and hacker trying to obtain the data. Security issues include the organization developing policies and procedures that ensure the proper use and protection of the data the company has. To develop the policies and p.

1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx

ambersalomon88660

Edelman Privacy Risk Index Powered by Ponemon

Edelman

Before you collaborate

Todd Nilson

The 10 Secret Codes of Security

Karina Elise

Top 6 things_small_businesses_q12015

anpapathanasiou

Assignmnt-700 words with 3 references Today, there is a crisis about organizations’ inability to resolve the age-old problem of how to control the abuse of trust and confidence given to authorized officials to freely logon onto the organization’s system, Many such officials , turn around to betray the organization by committing cybercrimes. Vulnerability stems from interactions and communications among several system components and categorized as deficiency, weakness and security cavity on network data center. To what extent do internal threats constitute a key factor against any organization’s ability to battle insider threats caused by people who abuse assigned privilege? What is the most effective mechanism for organizations to combat internal threats? Why should disgruntled employees must be trained on the danger of throwing wastepaper and electronic media in a bin within and outside the facility? Discussion: 400 words with 2 references Per Fennelly (2017-182), “Why do Employees steal?” employee stealing is a multiple part operation. Most organizations are often intolerant and impatient to verify employee’s identity and background and establish trust due to the time-consuming nature of daily assignments. Most organizations often ignore to establish and adopt on-board ecological waste management action plans to deal with discarded materials, shredded left-over documents and magnetic media and placing fragments in isolated location. Nonetheless, organizations must learn to support and train employers who are assigned to work and protect the organization data center, facilities and resources. Large segments of any organizations’ facility managers are often none-aggressive and choose short cuts in discharging assigned services by posting passwords on the screen and leaving confidential documents lying out on the table and uploading same document to associates, husbands, loved ones and competitors. Most authorized users within the organization are often the puniest linkage in any security operation. Per Fennelly (2017-182), “Why do Employees steal?” employee stealing is a multiple part operation. Disgruntled employees can install sniffers on organizations’ data file server via polite phone calls They can gain required user identification and password to access the organization’s secured data center. Most organization retain an employee on the same salary for twenty years and they pay new a newly hired employee the salary of the actively existing employee. Most organizations often ignore to establish and adopt on-board ecological waste management action plans to deal with discarded materials, shredded left-over documents and magnetic media and placing fragments in isolated location. .

Assignmnt-700 words with 3 referencesToday, there is a crisi.docx

normanibarber20063

Austin Bsides March 2016 Cyber Presentation

Expressworks International

Protecting the Core of Your Network

Mighty Guides, Inc.

Similar to PINAR AKKAYA - The Human Dimension (20)

Three tools to reduce employee apathy

Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...

Rogers eBook Security

BBA 3551, Information Systems Management 1 Course Lea.docx

Decoding Organizational DNA

Windstream Cloud Security Checklist

5 Questions Executives Should Be Asking Their Security Teams

Organizational Security: When People are Involved

Microsoft DATA Protection To Put secure.

The Trust Paradox: Access Management and Trust in an Insecure Age

What Small Business Can Do To Protect Themselves Now in Cybersecurity

1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx

Edelman Privacy Risk Index Powered by Ponemon

Before you collaborate

The 10 Secret Codes of Security

Top 6 things_small_businesses_q12015

Assignmnt-700 words with 3 referencesToday, there is a crisi.docx

Austin Bsides March 2016 Cyber Presentation

Protecting the Core of Your Network

Recently uploaded

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Real Time Object Detection Using Open CV

Khem

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘

What Are The Drone Anti-jamming Systems Technology?

Exploring the Future Potential of AI-Enabled Smartphone Processors

[2024]Digital Global Overview Report 2024 Meltwater.pdf

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

How to Troubleshoot Apps for the Modern Connected Worker

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Real Time Object Detection Using Open CV

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Axa Assurance Maroc - Insurer Innovation Award 2024

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Tech Trends Report 2024 Future Today Institute.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Data Cloud, More than a CDP by Matt Robison

2024: Domino Containers - The Next Step. News from the Domino Container commu...

HTML Injection Attacks: Impact and Mitigation Strategies

The 7 Things I Know About Cyber Security After 25 Years | April 2024

A Domino Admins Adventures (Engage 2024)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

PINAR AKKAYA - The Human Dimension

1. > The Human dimension human aspect of information security

2. Guess You’ll all agree with me that….

3. bad information security means bad company security lost credibility

4. we must be sure that we protect our data, our commercial secrets, our assets and our business transactions

5. YOU DO EVERYTHING TO MAKE THIS HAPPEN FOR SURE

6. but… EMPLOYEES WORK WITH COMPANY DATA, COMPANY SYSTEMS, THEY ARE IN TOUCH WITH CLIENTS, SERVICES AND PRODUCTS. THEY NEED TO UNDERSTAND THE BASIC PRINCIPLES OF INFORMATION SECURITY.

7. Fact: HUMAN ERROR IS THE CAUSE OF 42% OF ALL SECURITY BREACHES ISC2 White Paper : Securing the Organizations: Creating A Partnership Between HR and Information Security

8. Information security is one of the biggest challenges a business faces today. 55% of 50% of companies used respondents think that their employees had over 7 different little or even no vendors to keep awareness of data their network protection issues or secure. corporate security policy. Ref: Checkpoint Technologies&The Ponemon Institute Survey 2011 >> 2,400 IT security staff across the world

10. When does “an employee” becomes a RISK?

11. Do you know what these are? 123456 Password iloveu

12. I mean… The gap between you guys And your average employee is HUGE

13. Fact: We don’t know As much as you do

14. Paper, pen, letter typewriter computer internet, e-mail Web 2.0, social media Virtual communities

15. People move… Both in real and virtual world… And they create risk! With or without knowing it

16. A picture… 87,5% of large businesses have a security policy in place. 67% of the companies that give a high priority to security also had a security policy. A big majority of companies take steps to raise awareness among employees. More than 50% allow staff to access their systems remotely. The proportion of businesses restricting internet access dropped by 50%. Now only fewer than 10% gave no access to the internet. Employees are increasingly being targeted by "social engineering" attacks. Businesses are becoming more concerned about what was being said about them on social networking sites. More than 80% of large companies blocked access to inappropriate websites. 86% logged and monitored staff access to the internet. Research by PWC UK , 2010

17. more exposure, more action, more knowhow sharing, more interaction The Return is big but the Risk is big too

18. your employees can fast become the weakest link in your information security

19. changing employee behaviour is the key to improving information security.

20. The big how

21. Offer them a clear framework EMAIL SECURITY INTERNET SECURITY DATA SECURITY ASSETS SECURITY

22. Do you have policies? Why?

23. Customize the access according to the skills and needs of the employees customize the risk But standardize your policies

24. The worst way to communicate a policy is Publishing it

25. Educate, educate, educate: have your employees build the “awareness” muscle Give people good habits

26. Communicate your best practices

27. Create an awareness culture: let it be a dialogue

28. Make it formal: it is serious

29. Make it simple, make it fun, make it participative

30. Make it a management issue

31. Be fully proactive

32. Tell them Personal = professional

33. Prohibiting Limiting Banning is not your key to success trust

34. answer WIIFM?

35. Hr & it partnership* Does hr talk about these? I am afraid not… Legal base remains unclear too…

36. You have to be security and policy mentor Your employees have to be security and policy literate Your company has to be security and policy fluent

37. get connected E-mail: pinar.akkaya.pa@gmail.com LinkedIn: http://tr.linkedin.com/in/pinarakkaya Twitter: http://twitter.com/PINARAKKAYA http://twitter.com/lifesocialmedia http://tr.linkedin.com/groups/hrleadersturkey

PINAR AKKAYA - The Human Dimension

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to PINAR AKKAYA - The Human Dimension

Similar to PINAR AKKAYA - The Human Dimension (20)

More from Pinar AKKAYA

More from Pinar AKKAYA (6)

Recently uploaded

Recently uploaded (20)

PINAR AKKAYA - The Human Dimension