“Securing the Unsecured”
Security Awareness Training
HIMSS Louisiana Chapter
October 8, 2004
Agenda
▪ Why
▪ Who
▪ What
▪ When
▪ Where and How
▪ Tests for Understanding
▪ Documentation

Slide 2
Why Security Awareness Training
▪ Regulatory/Corporate Compliance
▪ Users Don’t Get It
▪ It Can’t Happen Here Syndrome
▪ Make Our Lives Easier
▪ Goals of Security Awareness Training

Slide 3
Why: Regulatory/Corporate Compliance
▪ Sarbanes-Oxley
• Requires companies to become more fiscally accountable

▪ JCAHO
• “To continuously improve the safety and quality of care provided to the public through the provision of health care accreditation and related services that support performance improvement in health care organizations.”

▪ USA Patriot Act
• Requires seeking, detecting, and reporting computer trespasses

▪ HIPAA
• Requires CIA of patients' private information
Slide 4
Why: Users Don’t Get It
▪ There’s nothing important on my computer
▪ We have virus software so my computer is protected from everything
▪ All threats are from the outside
▪ It’s not my job/I’m too busy to worry about security
▪ Technology provides full protection

Slide 5
Why: It Can’t Happen Here Syndrome
▪ Use Examples from Your Organization
▪ Use Examples from Others:
• Two years of research material lost with no backup
• Test results are changed
• Falsified ID is used to send threatening e-mail
• Employees running side business with our technology
• Hospital machines used as zombies for DDoS attacks
• Virus, worm, trojan infestations and attacks
• Illegal music downloading
• Online gaming
• IT equipment stolen
Slide 6
Why: Make Our Lives Easier
▪ Routine Helpdesk Calls are Reduced
▪ Fewer Malicious Code Outbreaks
▪ Lowers Data Restore Requests
▪ Able to Focus on Projects
▪ Users Feel Ownership
▪ Users Think More Highly of IT
▪ Less Time Spent Firefighting

Slide 7
Goals of Security Awareness Training
▪ Establish a knowledge baseline for the entire organization
▪ Modifying user behavior helps the security team
▪ Adds a human component to defense-in-depth
▪ Securing people is at least as important as securing systems

Slide 8
Who Needs Security Awareness Training
▪ Employees
▪ Non-employees

Slide 9
Who: Employees
▪ All Employees
• Determine minimum level for everyone
• Include volunteers, medical staff and administration

▪ Department Champions
• Find your IT want-to-bes
• Use them to help smooth the path

▪ Management
• Make sure that they are not embarrassed
• Provide justification for expenditures

▪ IT Staff
• Keep them fully informed
Slide 10
Who: Non-employees
▪ On-site
• Volunteers
• Medical Staff
• Others

▪ Remote
• Medical Staff
• Public
• Support

▪ Contract/Non-contract
• Escort?

Slide 11
What: Security Awareness Training
▪ Most Common Mistakes
▪ Training Topics
▪ Acceptable Use Policy/Agreement

Slide 12
What: Most Common Mistakes
▪ Poor Password Management
▪ Workstation Attached and Unattended
▪ Malicious E-mail Attachments
▪ Ineffective Anti-virus Software
▪ Uncontrolled Laptops
▪ Unreported Security Violations
▪ Updates, Hot Fixes, Service Packs not Installed
▪ Poor Perimeter Protection
• Electronic
• Physical
Slide 13
What: Training Topics
▪ Data Backup/Restore
▪ Physical Security
▪ Portables
▪ Social Engineering
▪ ID/Passwords
▪ E-mail
▪ Wireless
▪ Malicious Software

Slide 14
Data Backup/Restore
▪ Users are responsible for communicating their needs
▪ IT is responsible for making sure it happens
• Included in IT procedures
• Tools supplied to users

Slide 15
Physical Security
▪ Every User is an Extension of the Security Force
▪ Lock Offices as Often as Practical
▪ Restrict Open External Entrances
▪ Technology
• Cameras
• Motion sensors
• Alarm systems
• Tags
Slide 16
Portables
▪ Favorite Target of Thieves
▪ Less Likely to Draw Attention
▪ Easily Hidden
▪ “Turn” Fast at Pawn Shops and Online
▪ Almost Always Contain “Sensitive” Data

Slide 17
Social Engineering
▪ “This is (manager, director, etc.) and I need…”
▪ “This is Sue with the Help Desk and we are:
• verifying your passwords…”
• troubleshooting logon problems…”
• got your (bogus) request to change your…”

▪ E-mail Attachments
▪ Dumpster Diving
▪ Recover Data from Surplus Equipment/Media
Slide 18
ID/Passwords
▪ Users are responsible for what happens with their ID/password
▪ If you HAVE to write them down treat the paper like a credit card
▪ Change passwords if there is a possibility it has been compromised
▪ Use complex passwords
▪ The sanctions for not protecting login credentials are…

Slide 19
From the University of Michigan
Passwords Are Like Underwear:
▪ Change yours often!
▪ Don’t leave yours lying around!
▪ The longer the more protection!
▪ Don’t share yours with friends!
▪ Be mysterious!

Slide 20
E-Mail
▪ E-mails Exist in Multiple Places
▪ Deleting an E-mail from One Place Does Not Delete it from Anywhere Else
▪ Be Aware of “bcc”
▪ Spam Effects and Avoidance
▪ Verify Attachments Before Opening
▪ Don’t Send Confidential Information via Standard E-mail
▪ E-mail Can be Forged

Slide 21
Wireless
▪ Don’t Plug in Your Own Wireless Access Point
▪ Don’t Change the Secure Configuration:
• To make it work with your home network
• So it will connect in the airport
• To access other facilities' networks

▪ Use a Wire When Available
• Faster
• More secure
• Less competition for access point bandwidth

Slide 22
Malicious Software
▪ Leave Virus Protection and Firewall Programs Running
▪ Check for or Allow Updates
▪ Recognize Potential Malicious Activities:
• Hard drive running when no programs are running
• Unusual or unexpected logon screens
• Boot up speed or sequence changes
• Performance degradation
• Returned e-mails

▪ Others?
Slide 23
What: Acceptable Use Policy/Agreement
▪ Include All Security Topics
▪ Templates and Examples are Available Online
▪ Include in Training
▪ Have Users Sign
▪ May Include Confidentiality and Privacy

Slide 24
When: Security Awareness Training
▪ Prior to System/Facility Access
• Require security training
• Have Acceptable Use Policy; Confidentiality; Privacy and other agreements signed

▪ Ongoing
• New Hire
• Reminder
• Annual
• Include security every chance

▪ Non-employees
Slide 25
Where and How: Security Awareness Training
▪ Posters
▪ Newsletters
▪ Login Dialogue Boxes
▪ E-mails
▪ Display Tables
▪ Contests
▪ “Mystery Guest”

Slide 26
Tests for Understanding
▪ Positives
• Proof that learning occurred
• Program improvements

▪ Negatives
• Proof that learning did not occur
• Handling the failures

Slide 27
Documentation
▪ Annual Plan
▪ Who/What/When Matrix
▪ Proof of Occurrence
▪ Quality Review
▪ Meeting Minutes

Slide 28
From George Mason University
S.E.C.U.R.E. I.T.
▪ Simple (All users can implement these procedures)
▪ Effective (Problems are solved by following procedures)
▪ Concerned (All users should be concerned about security)
▪ Useful (Procedures keep resources safe and available)
▪ Responsibility (All users must follow the AUP)
▪ Economical (Resources are protected and conserved)
▪ Information (Confidentiality, integrity, accessibility)
▪ Technology (Hardware is protected and preserved)
Slide 29
Thank You
Healthlink Incorporated
3800 Buffalo Speedway, Suite 550
Houston, TX 77098
1.800.223.8956
claude.younger@healthlinkinc.com
www.healthlinkinc.com

Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 

Kürzlich hochgeladen (20)

Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 

Security Awareness Training by HIMSS Louisiana Chapter

  • 1. “Securing the Unsecured” Security Awareness Training HIMSS Louisiana Chapter October 8, 2004
  • 2. Agenda
      • Why
      • Who
      • What
      • When
      • Where and How
      • Tests for Understanding
      • Documentation
  • 3. Why Security Awareness Training
      • Regulatory/Corporate Compliance
      • Users Don’t Get It
      • It Can’t Happen Here Syndrome
      • Make Our Lives Easier
      • Goals of Security Awareness Training
  • 4. Why: Regulatory/Corporate Compliance
      • Sarbanes-Oxley
          • Requires companies to become more fiscally accountable
      • JCAHO
          • “To continuously improve the safety and quality of care provided to the public through the provision of health care accreditation and related services that support performance improvement in health care organizations.”
      • USA Patriot Act
          • Requires seeking, detecting, and reporting computer trespasses
      • HIPAA
          • Requires CIA of patients' private information
  • 5. Why: Users Don’t Get It
      • There’s nothing important on my computer
      • We have virus software so my computer is protected from everything
      • All threats are from the outside
      • It’s not my job/I’m too busy to worry about security
      • Technology provides full protection
  • 6. Why: It Can’t Happen Here Syndrome
      • Use Examples from Your Organization
      • Use Examples from Others:
          • Two years of research material lost with no backup
          • Test results are changed
          • Falsified ID is used to send threatening e-mail
          • Employees running side business with our technology
          • Hospital machines used as zombies for DDOS attacks
          • Virus, worm, trojan infestations and attacks
          • Illegal music downloading
          • Online gaming
          • IT equipment stolen
  • 7. Why: Make Our Lives Easier
      • Routine Helpdesk Calls are Reduced
      • Fewer Malicious Code Outbreaks
      • Lowers Data Restore Requests
      • Able to Focus on Projects
      • Users Feel Ownership
      • Users Think More Highly of IT
      • Less Time Spent Firefighting
  • 8. Goals of Security Awareness Training
      • Establish a knowledge baseline for the entire organization
      • Modifying user behavior helps the security team
      • Adds a human component to defense-in-depth
      • Securing people is at least as important as securing systems
  • 9. Who Needs Security Awareness Training
      • Employees
      • Non-employees
  • 10. Who: Employees
      • All Employees
          • Determine minimum level for everyone
          • Include volunteers, medical staff and administration
      • Department Champions
          • Find your IT want-to-bes
          • Use them to help smooth the path
      • Management
          • Make sure that they are not embarrassed
          • Provide justification for expenditures
      • IT Staff
          • Keep them fully informed
  • 11. Who: Non-employees
      • On-site
          • Volunteers
          • Medical Staff
          • Others
      • Remote
          • Medical Staff
          • Public
          • Support
      • Contract/Non-contract
          • Escort?
  • 12. What: Security Awareness Training
      • Most Common Mistakes
      • Training Topics
      • Acceptable Use Policy/Agreement
  • 13. What: Most Common Mistakes
      • Poor Password Management
      • Workstation Attached and Unattended
      • Malicious E-mail Attachments
      • Ineffective Anti-virus Software
      • Uncontrolled Laptops
      • Unreported Security Violations
      • Updates, Hot Fixes, Service Packs not Installed
      • Poor Perimeter Protection
          • Electronic
          • Physical
  • 14. What: Training Topics
      • Data Backup/Restore
      • Physical Security
      • Portables
      • Social Engineering
      • ID/Passwords
      • E-mail
      • Wireless
      • Malicious Software
  • 15. Data Backup/Restore
      • Users are responsible for communicating their needs
      • IT is responsible for making sure it happens
          • Included in IT procedures
          • Tools supplied to users
  • 16. Physical Security
      • Every User is an Extension of the Security Force
      • Lock Offices as Often as Practical
      • Restrict Open External Entrances
      • Technology
          • Cameras
          • Motion sensors
          • Alarm systems
          • Tags
  • 17. Portables
      • Favorite Target of Thieves
      • Less Likely to Draw Attention
      • Easily Hidden
      • “Turn” Fast at Pawn Shops and Online
      • Almost Always Contain “Sensitive” Data
  • 18. Social Engineering
      • “This is (manager, director, etc.) and I need…”
      • “This is Sue with the Help Desk and we are:
          • verifying your passwords…”
          • troubleshooting logon problems…”
          • got your (bogus) request to change your…”
      • E-mail Attachments
      • Dumpster Diving
      • Recover Data from Surplus Equipment/Media
  • 19. ID/Passwords
      • Users are responsible for what happens with their ID/password
      • If you HAVE to write them down treat the paper like a credit card
      • Change passwords if there is a possibility it has been compromised
      • Use complex passwords
      • The sanctions for not protecting login credentials are…
  • 20. From the University of Michigan: Passwords Are Like Underwear
      • Change yours often!
      • Don’t leave yours lying around!
      • The longer the more protection!
      • Don’t share yours with friends!
      • Be mysterious!
  • 21. E-Mail
      • E-mails Exist in Multiple Places
      • Deleting an Email from One Place Does Not Delete it from Anywhere Else
      • Be Aware of “bcc”
      • Spam Effects and Avoidance
      • Verify Attachments Before Opening
      • Don’t Send Confidential Information via Standard E-mail
      • E-mail Can be Forged
  • 22. Wireless
      • Don’t Plug in Your Own Wireless Access Point
      • Don’t Change the Secure Configuration:
          • To make it work with your home network
          • So it will connect in the airport
          • To access other facilities networks
      • Use a Wire When Available
          • Faster
          • More secure
          • Less competition for access point bandwidth
  • 23. Malicious Software
      • Leave Virus Protection and Firewall Programs Running
      • Check for or Allow Updates
      • Recognize Potential Malicious Activities:
          • Hard drive running when no programs are running
          • Unusual or unexpected logon screens
          • Boot up speed or sequence changes
          • Performance degradation
          • Returned e-mails
      • Others?
  • 24. What: Acceptable Use Policy/Agreement
      • Include All Security Topics
      • Templates and Examples are Available Online
      • Include in Training
      • Have Users Sign
      • May Include Confidentiality and Privacy
  • 25. When: Security Awareness Training
      • Prior to System/Facility Access
          • Require security training
          • Have Acceptable Use Policy; Confidentiality; Privacy and other agreements signed
      • Ongoing
          • New Hire
          • Reminder
          • Annual
          • Include security every chance
      • Non-employees
  • 26. Where and How: Security Awareness Training
      • Posters
      • Newsletters
      • Login Dialogue Boxes
      • E-mails
      • Display Tables
      • Contests
      • “Mystery Guest”
  • 27. Tests for Understanding
      • Positives
          • Proof that learning occurred
          • Program improvements
      • Negatives
          • Proof that learning did not occur
          • Handling the failures
  • 28. Documentation
      • Annual Plan
      • Who/What/When Matrix
      • Proof of Occurrence
      • Quality Review
      • Meeting Minutes
  • 29. From George Mason University: S.E.C.U.R.E. I.T.
      • Simple (All users can implement these procedures)
      • Effective (Problems are solved by following procedures)
      • Concerned (All users should be concerned about security)
      • Useful (Procedures keep resources safe and available)
      • Responsibility (All users must follow the AUP)
      • Economical (Resources are protected and conserved)
      • Information (Confidentiality, integrity, accessibility)
      • Technology (Hardware is protected and preserved)
  • 30. Thank You
      Healthlink Incorporated
      3800 Buffalo Speedway, Suite 550
      Houston, TX 77098
      1.800.223.8956
      claude.younger@healthlinkinc.com
      www.healthlinkinc.com