Security Education, Training, and Awareness Programs
Jeff Summits

Overview
Importance of security programs
Three types of programs:
* Security Education
* Security Training
* Security Awareness

Importance of SETA programs
To enhance security in three ways:
* by building in-depth knowledge to design, implement, or operate security programs
* by developing skills and knowledge so that users can perform their jobs more securely
* by improving awareness of the need to protect system resources

Importance of SETA programs
Benefits of the programs:
* Can improve employee behavior
* Enable the organization to hold employees accountable for their actions

Security Education
Many organizations encourage their employees to seek proper formal education as a method to learn more about their role within the company.
Different sources of education:
* Colleges and universities
* Private companies that specialize in security education
* Government agencies

Security Education
National Security Agency
National Institute of Standards and Technology
Virginia Alliance for Security Computing and Networking

Security Education
“An educational system that cultivates an appropriate knowledge of computer security will increase the likelihood that the next generation of IT workers will have the background needed to design and develop systems that are engineered to be reliable and secure”
~Integrating Security into the Curriculum

Security Training
Providing members of the organization with detailed information and hands-on instruction.
Training can either be:
* In-house training
* Outsourced formal training
Good, quality training methods are vital to the prosperity, development, and security of an organization.

Security Training
In-house training methods can include:
* One-on-One: a trainer works with each trainee
* Formal Class: a single trainer teaches multiple trainees in a formal setting
* Computer-Based: prepackaged software that provides training
* Distance Seminars: trainees receive a seminar presentation at their computer

Security Training cont.
* On-the-Job: trainees learn the specifics of their jobs while working
* Self-Study: trainees study their material on their own

Security Training
SysAdmin, Audit, Network, Security (SANS)
CSI
Information Systems Security Association (ISSA)
* These organizations teach security training in a number of ways. They conduct conferences, meetings, and seminars. They also create monthly journals and online newsletters.

Security Training
“Training criteria are established according to trainees’ role(s) within their organizations, and are measured by their on-the-job performance. This emphasis on roles and results, rather than on fixed content, gives the Training Requirements flexibility, adaptability, and longevity… Organizations cannot protect the integrity, confidentiality, and availability of information in today’s highly networked system environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them”

Security Awareness
Most effective security method
Keeps information security at the forefront of users’ minds on a daily basis
Serves to instill a sense of responsibility and purpose in employees
Reminds users of the procedures to be followed
Designed to modify any employee behavior that endangers the security of sensitive information

Security Awareness
The Ten Commandments of Security Awareness
* Information security is a people issue
* Speak their language so they can understand
* They must see it to learn it
* Define at least one key learning objective
* Keep things light and add some humor
* Don’t overload the users
* Help users understand their roles
* Take advantage of in-house communication
* Make the awareness program formal
* Provide good information early and be timely

Security Awareness
Many security awareness components are available at low cost, or virtually no cost at all.
Awareness components can include:
* Videos
* Posters and banners
* Computer-based training
* Newsletters
* Brochures and flyers
* Trinkets (coffee cups, pens and pencils, T-shirts)
* Bulletin boards

Conclusion
* Education, Training, and Awareness Programs are essential components of keeping an organization’s information assets secure, and are also important for the longevity of the organization.

Any questions?