25 tips & tricks document with security lessons
•
0 likes•261 views
The document is a presentation by Marc Vael from Valuendo titled "25 tips & tricks" for an InfoSecurity 2009 conference in March. It discusses 25 common misconceptions about information security. Vael polls the audience on their level of agreement with statements and lessons related to how security is understood, budgets are determined, policies are followed, and risks are managed within organizations. The presentation aims to challenge assumptions and encourage best practices.
Recommended
Recommended
More Related Content
Similar to 25 tips & tricks document with security lessons
Similar to 25 tips & tricks document with security lessons (20)
More from Marc Vael
More from Marc Vael (20)
Recently uploaded
Recently uploaded (20)
25 tips & tricks document with security lessons
- 1. 25 tips & tricks 25 Examples of what you should not do March 2009 Mr. Marc Vael Managing Director Valuendo © 2009 Valuendo. All rights reserved. 1 INFORMATION CLASSIFICATION = PUBLIC Agenda • Introduction • Concept • 25 Statements • Conclusion © 2009 Valuendo. All rights reserved. 2 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 1
- 2. 25 tips & tricks Introduction • Marc Vael • Managing Director Valuendo (“value & do”) since July 2001 • Education – Master Applied Economics (UAntwerp) – Master Information Management (UHasselt) – Master+ Applied Economics & ICT (KUL) • Core Services – Enterprise Risk Management – IT Governance – Information Security Management – Data Privacy & Protection – Business Continuity / Disaster Recovery – Crisis Management – IT Audit & Compliance • Certifications in good standing – CISA / CISM / CISSP / ITIL Service Manager © 2009 Valuendo. All rights reserved. 3 INFORMATION CLASSIFICATION = PUBLIC Concept • First : Statement • Second : Voting on your current experience © 2009 Valuendo. All rights reserved. 4 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 2
- 3. 25 tips & tricks Test : The economic crisis has no impact on the way we handle security • Fully Agree • Do not agree • Don’t know really © 2009 Valuendo. All rights reserved. 5 INFORMATION CLASSIFICATION = PUBLIC Lesson 1 : Security > Business needs •Yes •Not always •No © 2009 Valuendo. All rights reserved. 6 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 3
- 4. 25 tips & tricks Lesson 2 : It is the CISO who is driving security in our organisation •Of course. •No, the real driver is someone else •I’m not sure © 2009 Valuendo. All rights reserved. 7 INFORMATION CLASSIFICATION = PUBLIC Lesson 3 : Security budget is easy to calculate and to defend/present •Absolutely •Difficult to calculate, but easy to defend / present •Not really © 2009 Valuendo. All rights reserved. 8 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 4
- 5. 25 tips & tricks Lesson 4 : The security vision is understood by everyone •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 9 INFORMATION CLASSIFICATION = PUBLIC Lesson 5 : Everybody understands security terminology used •Yes we know and we even have a glossary •We hope so •No © 2009 Valuendo. All rights reserved. 10 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 5
- 6. 25 tips & tricks Lesson 6 : Security and risk management are two different professions •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 11 INFORMATION CLASSIFICATION = PUBLIC Lesson 7 : People recognize security incidents •Yes and we even have tested this •We hope so •No © 2009 Valuendo. All rights reserved. 12 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 6
- 7. 25 tips & tricks Lesson 8 : People know how to classify and secure their information •Yes and we even have tested this •We hope so •No © 2009 Valuendo. All rights reserved. 13 INFORMATION CLASSIFICATION = PUBLIC Lesson 9 : Security audits are essential to determine what’s wrong •Yes •We hope so •No © 2009 Valuendo. All rights reserved. 14 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 7
- 8. 25 tips & tricks Lesson 10 : Security awareness posters are the most effective tool •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 15 INFORMATION CLASSIFICATION = PUBLIC Lesson 11 : People remember all passwords & pin-codes •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 16 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 8
- 9. 25 tips & tricks Lesson 12 : People always select a strong password •Yes and we even enforce this •We hope so •No © 2009 Valuendo. All rights reserved. 17 INFORMATION CLASSIFICATION = PUBLIC Lesson 13 : People lock their PC information via screen saver •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 18 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 9
- 10. 25 tips & tricks Lesson 14 : People respect clean desk policy •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 19 INFORMATION CLASSIFICATION = PUBLIC Lesson 15 : People always use the security tools we give them •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 20 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 10
- 11. 25 tips & tricks Lesson 16 : IT people give the good example of respecting security rules •Yes and we even have checked this •We hope so •No © 2009 Valuendo. All rights reserved. 21 INFORMATION CLASSIFICATION = PUBLIC Lesson 17 : People only use official authorized software •Yes and we even have tested this •We hope so •No © 2009 Valuendo. All rights reserved. 22 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 11
- 12. 25 tips & tricks Lesson 18 : Only naughty people get naughty spam mails •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 23 INFORMATION CLASSIFICATION = PUBLIC Lesson 19 : Only dumb people fall for phishing scams / mails •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 24 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 12
- 13. 25 tips & tricks Lesson 20 : People mention their backups in their OOO when unavailable •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 25 INFORMATION CLASSIFICATION = PUBLIC Lesson 21 : People suggest alternative communication channels when unavailable •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 26 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 13
- 14. 25 tips & tricks Lesson 22 : People know & respect security rules when at other companies •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 27 INFORMATION CLASSIFICATION = PUBLIC Lesson 23 : People need full internet access for professional reasons •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 28 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 14
- 15. 25 tips & tricks Lesson 24 : People know how to secure their wired & wireless network access •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 29 INFORMATION CLASSIFICATION = PUBLIC Lesson 25 : Security is still better on paper than on digital format •Yes •No •Don’t know really © 2009 Valuendo. All rights reserved. 30 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 15
- 16. 25 tips & tricks Conclusion © 2009 Valuendo. All rights reserved. 31 INFORMATION CLASSIFICATION = PUBLIC Contact information Mr. Marc Vael, CISA, CISM, CISSP, ITIL Managing Director Valuendo Kriebrugstraat 33 1760 Roosdaal Belgium T: +32 5 433 61 93 M: +32 473 99 30 31 M: mvael@valuendo.com mvael@valuendo.com W: www.valuendo.com © 2009 Valuendo. All rights reserved. 32 INFORMATION CLASSIFICATION = PUBLIC Marc Vael InfoSecurity 2009 Valuendo March 2009 16