Security Education, Training,
and Awareness Programs
Jeff Summits
Overview
• Importance of security programs
• Three types of programs
* Security Education
* Security Training
* Security Awareness
Importance of SETA programs
• To enhance security in three ways:
* by building in-depth knowledge to design, implement, or operate security programs
* by developing skills and knowledge so that users can perform their jobs more securely
* by improving awareness of the need to protect system resources
Importance of SETA programs
• Benefits of the programs
* Can improve employee behavior
* Enable the organization to hold employees accountable for their actions
Security Education
• Many organizations encourage their employees to seek proper formal education as a method to learn more about their role within the company
• Different sources of education
* Colleges and universities
* Private companies that specialize in security education
* Government agencies
Security Education
• National Security Agency
• National Institute of Standards and Technology
• Virginia Alliance for Security Computing and Networking
Security Education
“An educational system that cultivates an appropriate knowledge of computer security will increase the likelihood that the next generation of IT workers will have the background needed to design and develop systems that are engineered to be reliable and secure”
~Integrating Security into the Curriculum
Security Training
• Providing members of the organization with detailed information and hands-on instruction
• Training can either be:
* In-house training
* Outsourced formal training
• Good, quality training methods are vital to the prosperity, development, and security of an organization
Security Training
• In-house training methods can include:
* One-on-One: a trainer works with each trainee
* Formal Class: a single trainer teaches multiple trainees in a formal setting
* Computer-Based: prepackaged software that provides training
* Distance Seminars: trainees receive a seminar presentation at their computer
* On-the-Job: trainees learn the specifics of their jobs while working
* Self-Study: trainees study their material on their own
Security Training
• SysAdmin, Audit, Network, Security (SANS)
• CSI
• Information Systems Security Association (ISSA)
These organizations provide security training in a number of ways. They conduct conferences, meetings, and seminars. They also publish monthly journals and online newsletters.
Security Training
“Training criteria are established according to trainees’ role(s) within their organizations, and are measured by their on-the-job performance. This emphasis on roles and results, rather than on fixed content, gives the Training Requirements flexibility, adaptability, and longevity… Organizations cannot protect the integrity, confidentiality, and availability of information in today’s highly networked system environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them”
Security Awareness
• Most effective security method
• Keeps information security at the forefront of users’ minds on a daily basis
• Serves to instill a sense of responsibility and purpose in employees
• Reminds users of the procedures to be followed
• Designed to modify any employee behavior that endangers the security of sensitive information
Security Awareness
The Ten Commandments of Security Awareness
* Information security is a people issue
* Speak their language so they can understand
* They must see it to learn it
* Define at least one key learning objective
* Keep things light and add some humor
* Don’t overload the users
* Help users understand their roles
* Take advantage of in-house communication
* Make the awareness program formal
* Provide good information early and be timely
Security Awareness
• Many security awareness components are available at low cost, or virtually no cost at all
• Awareness components can include:
* Videos
* Posters and banners
* Computer-based training
* Newsletters
* Brochures and flyers
* Trinkets (coffee cups, pens and pencils, T-shirts)
* Bulletin boards
Conclusion
* Education, Training, and Awareness programs are essential components of keeping an organization’s information assets secure, and are also important for the longevity of the organization.
Any questions??