Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Cyber Security Awareness

2.260 Aufrufe

Veröffentlicht am

Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect me from Cyber attacks? How to create a IT Security Awareness Plan ?

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Cyber Security Awareness

  1. 1. Cyber Security Awareness Ramiro Cid | @ramirocid ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  2. 2. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid 2 Index 1. Introduction to Cyber Security Page 3 2. Why is Cyber Security important? Page 4 3. What do I have to do to protect me from Cyber attacks? Page 5 4. How to create a IT Security Awareness Plan ? Page 7 5. Sources used and webs to expand knowledge Page 11
  3. 3. Introduction to Cyber Security Cybersecurity, also known as “IT security” or “Computer security” is information security applied to computing devices such as servers, computers and mobile devices (as smartphones, tablets), etc., as well as computer networks such as private and public networks, including the whole Internet. Network outages, data compromised by hackers, social attacks, computer viruses and other security incidents could affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users and devices, web applications and data networks increase, so do the opportunities for exploitation. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  4. 4. Why is Cyber Security important? Governments, military, private corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across their networks (using also external suppliers and customers networks too) to send their data to other computers. With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security and personal data. Nowadays, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  5. 5. What do I have to do to protect me from Cyber attacks? • Common sense (the less common of the senses) is something we have to use (in addition of Best Practices about IT Security off course) but not always people use it properly. • There are different countermeasures in relation of the asset to protect against different vulnerabilities which could affect it. Depends on the case you must use one or other. • In a corporate environment it is a good practice split the responsibilities between IT management and IT Security Management. Not always possible in small companies or areas. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  6. 6. What do I have to do to protect me from Cyber attacks? • Companies which want to have a correct IT Security Awareness need to develop a plan to do the rollout of trainning about this awareness. • People is often the weak link in the chain in IT Security. The best technical security efforts will fail if their company has a weak security culture. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  7. 7. How to create a IT Security Awareness Plan ? There are different ways to get it, now I will explain a way to do it: ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid 1. C-Level support Awareness programs that obtain C-level support are more successful. Top Management has to give the support to this process. This support inevitably leads to more freedom, larger budgets and support from other departments. 2. Partnering with key departments Successful awareness programs found a way to involve other departments, such as legal, compliance, human resources, marketing, privacy and physical security.
  8. 8. How to create a IT Security Awareness Plan ? ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid 3. Creativity Creativity is a must. While a large budget helps, companies with a small security awareness budget have still been able to establish successful programs. Creativity and enthusiasm can make up for a small budget. 4. Metrics One of the key factors in having a successful effort is being able to prove that your effort is successful. The only way to do this is to collect metrics prior to initiated new awareness efforts.
  9. 9. How to create a IT Security Awareness Plan ? ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid 5. Department of how Awareness efforts that focus on how to accomplish actions are more successful than those that focus on telling people that they should not be doing things. 6. 90-day plans Most security awareness programs follow a one-year plan. Those plans also attempt to cover one topic a month. This is ineffective, as it does not reinforce knowledge, and does not allow for feedback or to account for ongoing events.
  10. 10. How to create a IT Security Awareness Plan ? 7. Multimodal awareness materials The most successful programs are not only creative; they rely on many forms of awareness materials. While there is a potential place for learning management system training modules, too many programs rely on them completely as an awareness program. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  11. 11. Sources used and webs to expand knowledge “What is Cyber Security?” – UMUC | URL: http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm “IT Security Review: Privacy, Protection, Access Control, Assurance and System Security” URL: http://www.sersc.org/journals/IJMUE/vol2_no2_2007/2.pdf Wikipedia | URL: http://en.wikipedia.org/wiki/Computer_security “The 7 elements of a successful security awareness program” URL: http://www.csoonline.com/article/2133408/network-security/the-7-elements-of-a-successful-security-awareness-program.html “Why you shouldn't train employees for security awareness?” URL: http://www.csoonline.com/article/2131941/security-awareness/why-you-shouldn-t-train-employees-for-security-awareness.html “Ten commandments for effective security training” URL: http://www.csoonline.com/article/2131688/security-awareness/ten-commandments-for-effective-security-training.html ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
  12. 12. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid Questions ? Many thanks ! Ramiro Cid CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL ramiro@ramirocid.com @ramirocid http://www.linkedin.com/in/ramirocid http://ramirocid.com http://es.slideshare.net/ramirocid http://www.youtube.com/user/cidramiro

×