1. Information Security (Un)Awareness
Information Security (un)awareness
Marc Vael, International Vice-President
“My management just does not “get” information security!”
Anonymous CISO of a large financial institution
Marc Vael CONFENIS
ISACA September 2012
1
2. Information Security (Un)Awareness
“I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.”
Anonymous manager working in an insurance company
“Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.”
Anonymous CISO of a multinational service organisation
3. Information Security (Un)Awareness
“Sure, I support information security, but my people need to work and make money.”
Anonymous CEO of a retailer
“Our information security department keeps getting more tools, but I do not think we are any more secure.”
Anonymous CRO of a large financial institution
4. Information Security (Un)Awareness
“Security policy is one thing. Reality is another.”
Anonymous COO from a consulting company
“All that information security people do is say “No!”. They should learn how we really work.”
Angry manager of a governmental agency
10. Information Security (Un)Awareness
“People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.”
Kevin Mitnick, ex-hacker, IT security consultant
15. Information Security (Un)Awareness
Risk always exists! (whether or not it is detected / recognised by the organisation)
18. Information Security (Un)Awareness
Corporate governance: ERM = COSO
Support from Board of Directors & Executive Management
25. Information Security (Un)Awareness
www.isaca.org/cobit
For more information…
Marc Vael
International Vice-President
Chairman of the Knowledge Board
ISACA
http://www.isaca.org/
marc@vael.net
http://www.linkedin.com/in/marcvael
@marcvael