Valuendo 25 Things Not To Do (March 2009) Handout
Transcript of Valuendo 25 Things Not To Do (March 2009) Handout
25 tips & tricks
Marc Vael, InfoSecurity 2009, Valuendo, March 2009
© 2009 Valuendo. All rights reserved. INFORMATION CLASSIFICATION = PUBLIC
25 Examples of what you should not do
March 2009
Mr. Marc Vael, Managing Director
Valuendo
Agenda
• Introduction
• Concept
• 25 Statements
• Conclusion
Introduction
• Marc Vael
• Managing Director Valuendo (“value & do”) since July 2001
• Education
– Master Applied Economics (UAntwerp)
– Master Information Management (UHasselt)
– Master+ Applied Economics & ICT (KUL)
• Core Services
– Enterprise Risk Management
– IT Governance
– Information Security Management
– Data Privacy & Protection
– Business Continuity / Disaster Recovery
– Crisis Management
– IT Audit & Compliance
• Certifications in good standing
– CISA / CISM / CISSP / ITIL Service Manager
Concept
• First : Statement
• Second : Voting on your current experience
Test : The economic crisis has no impact on the way we handle security
• Fully agree • Do not agree • Don’t really know
Lesson 1 : Security > Business needs
• Yes • Not always • No
Lesson 2 : It is the CISO who is driving security in our organisation
• Of course • No, the real driver is someone else • I’m not sure
Lesson 3 : Security budget is easy to calculate and to defend/present
• Absolutely • Difficult to calculate, but easy to defend / present • Not really
Lesson 4 : The security vision is understood by everyone
• Yes, and we have even checked this • We hope so • No
Lesson 5 : Everybody understands the security terminology used
• Yes, we know, and we even have a glossary • We hope so • No
Lesson 6 : Security and risk management are two different professions
• Yes • No • Don’t really know
Lesson 7 : People recognize security incidents
• Yes, and we have even tested this • We hope so • No
Lesson 8 : People know how to classify and secure their information
• Yes, and we have even tested this • We hope so • No
Lesson 9 : Security audits are essential to determine what’s wrong
• Yes • We hope so • No
Lesson 10 : Security awareness posters are the most effective tool
• Yes, and we have even checked this • We hope so • No
Lesson 11 : People remember all passwords & pin-codes
• Yes, and we have even checked this • We hope so • No
Lesson 12 : People always select a strong password
• Yes, and we even enforce this • We hope so • No
Lesson 13 : People lock their PC (and the information on it) via the screen saver
• Yes, and we have even checked this • We hope so • No
Lesson 14 : People respect the clean desk policy
• Yes, and we have even checked this • We hope so • No
Lesson 15 : People always use the security tools we give them
• Yes, and we have even checked this • We hope so • No
Lesson 16 : IT people set a good example by respecting the security rules
• Yes, and we have even checked this • We hope so • No
Lesson 17 : People only use official authorized software
• Yes, and we have even tested this • We hope so • No
Lesson 18 : Only naughty people get naughty spam mails
• Yes • No • Don’t really know
Lesson 19 : Only dumb people fall for phishing scams / mails
• Yes • No • Don’t really know
Lesson 20 : People mention their backup (deputy contact) in their out-of-office message when unavailable
• Yes • No • Don’t really know
Lesson 21 : People suggest alternative communication channels when unavailable
• Yes • No • Don’t really know
Lesson 22 : People know and respect the security rules when at other companies
• Yes • No • Don’t really know
Lesson 23 : People need full internet access for professional reasons
• Yes • No • Don’t really know
Lesson 24 : People know how to secure their wired & wireless network access
• Yes • No • Don’t really know
Lesson 25 : Security is still better on paper than in digital format
• Yes • No • Don’t really know
Conclusion
Contact information
Mr. Marc Vael, CISA, CISM, CISSP, ITIL
Managing Director
Valuendo
Kriebrugstraat 33
1760 Roosdaal
Belgium
T: +32 5 433 61 93
M: +32 473 99 30 31
M: mvael@[email protected]
W: www.valuendo.com