The Human Firewall: Creating a security aware workforce
APPLIED INFORMATION SERVICES
Andrew Breakwell, Business Development Director
Compliance Division
2. Agenda
Establishing the Need
Common pitfalls
Planning
Delivery
Evaluation and Metrics
3. Corporate overview
Governance, Risk and Compliance (GRC) specialists for more than 16 years
Focus on improving staff awareness, knowledge and understanding
Providers of:
  Information newsfeeds and alerts
  Learning content and services
  Risk management and auditing systems
Part of SAI Global, ASX quoted, c. 950 employees
Offices in Europe, North America and Australasia
Global client base – specialists in large scale, international deployments
4,000,000+ end users, resources in 20+ languages
4. Establishing the Need
“Most security breaches occur at ground floor level, through employees making errors or inadvertently revealing information. It is ironic therefore that so many organizations do not have a comprehensive awareness program in place... perhaps missing the obvious and focusing upon the rather more stimulating high-tech threat instead.”
ISO 17799 News
5. Establishing the Need
Deloitte 2007 Global Security Survey: ‘79 percent of participants cite the human factor as the root cause of information security failures’
CSI Computer Crime and Security Survey 2007: ‘The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year’
ENISA: IS Awareness Initiatives – Current practice and the measurements of success 2007: ‘… information security is seen as a high or very high priority in four fifths of respondents.’
‘War stories’
6. Common pitfalls
Lack of senior management support
Adopting a ‘one size fits all’ approach – mismatch between content and target audience
Not connecting the program to a Needs Assessment
Objectives and outcomes poorly defined
Training ‘fatigue’
Poor communication and planning
Developing a limited program based on specific budget target (not the one you want)
Lack of in-house expertise – not involving other experts
Assuming it’s a one-time initiative – not an ongoing process
Lack of evaluation and measurement
BORING…! Lack of engaging and relevant content
7. Planning
Needs assessment
8. Planning
Needs Assessment
WHO gets the training
WHAT training they get
HOW the training is delivered
WHERE the training takes place
WHEN the training takes place
Over the short, medium and long term
Aligned with corporate goals and objectives
Clear business case for all elements
Clearly defined measurement criteria - benchmarking
9. Planning
Needs assessment
Identify audience – not a ‘one size fits all’ approach
10. Planning
Identify audience
Full time/Part time?
New hires, trainees?
Senior management or management-role?
Specific departments or job ‘families’ (e.g. HR, IT, Security)?
Based on job or role (e.g. employees handling large amounts of data, remote workers)?
Specific technology users (e.g. employees with laptops)?
Specific location (e.g. country or region, manufacturing site, branch offices)?
PLUS customers, suppliers?
11. Planning
Needs assessment
Identify audience – not a ‘one size fits all’ approach
Set objectives and timescales
Collaborate
Communicate and market
What’s available?
Establish the team – identify project owner
Identify resource and budget needs
Express funding needs
Assign a Program Manager
12. Delivery
Develop course content
Core training
Senior management training
13. Delivery
Core training – to include content for senior managers
E-learning for IT users:
  Reduced delivery costs
  Reduced training time
  Flexibility and convenience
  Engaging and interactive
  Self-paced and non-threatening
  Consistent content and delivery
  Ease of updating
  Accurate measurement and control
  Tailored content – ‘off-the-shelf’ or bespoke
Workshops:
  PowerPoints
  Handouts
  Trainers Notes
  ‘Train the Trainer’ sessions
14. Delivery
E-learning – engaging content
15. Delivery
Develop course content
Core training
Senior management training
New starter training
Refresher training
Specialist training
Assessment testing
16. Delivery
Assessment testing
17. Delivery
Develop course content
Core training
Senior management training
New starter training
Refresher training
Specialist training
Assessment testing
Ongoing awareness activity
18. Delivery
Ongoing awareness activity
Interactive e-mails
Marketing materials
Posters
Newsletters
Cartoons
Giveaways
Video ‘Moments’
19. Delivery
Develop course content
Confirm technology requirements and test
Establish tracking and reporting criteria
Plan and communicate implementation timetable
Schedule launch and pre-launch activity
Ensure clear ownership of project
Analyse effectiveness of training using metrics
20. Evaluation and metrics
Benchmarking prior to training
Completion rates (against previous training?):
  Total target audience
  By sector
  By job role
Three further levels:
  Reaction level – measuring ‘attitudes’ i.e. through evaluation questionnaires, structured interviews etc.
  Immediate level – measuring users’ ‘knowledge’ i.e. through pre- and post-training assessment tests
  Functional level – measuring ‘behavioural’ change i.e. through observation of business processes and indicators, i.e. helpdesk calls, security breaches and incidents
Return on investment