Information security (un)awareness by Marc Vael

•

1 recomendación•1,036 vistas

CONFENIS 2012

Marc Vael - International Vice-President of ISACA Information security (un)awareness

Tecnología Educación

Information Security (Un)Awareness

Information Security
(un)awareness

Marc Vael
International Vice-President

“My management
just does not “get”
information
security!”
Anonymous CISO of a large financial institution

Marc Vael CONFENIS
ISACA September 2012
1

Information Security (Un)Awareness

“I am overwhelmed with
all the passwords I have
to remember. I just write
them down & leave them
with my executive
assistant.”
Anonymous manager working in an insurance company

“Management has
authorized acquisition of
security monitoring tools,
but they did not give me
any budget for people to
do this monitoring.”
Anonymous CISO of a multinational service organisation

Marc Vael CONFENIS
ISACA September 2012
2

Information Security (Un)Awareness

“Sure, I support
information security,
but my people need to
work and make money.”
Anonymous CEO of a retailer

“Our information security
department keeps getting
more tools, but I do not
think we are any more
secure.”
Anonymous CRO of a large financial institution

Marc Vael CONFENIS
ISACA September 2012
3

Information Security (Un)Awareness

“Security policy is one
thing. Reality is another.”
Anonymous COO from a consulting company

“All that information
security people do is
say “No!”.
They should learn how
we really work.
Angry manager of a governmental agency

Marc Vael CONFENIS
ISACA September 2012
4

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
5

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
6

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
7

Information Security (Un)Awareness

Cyberwarfare is
"the fifth domain of
warfare“

Marc Vael CONFENIS
ISACA September 2012
8

Information Security (Un)Awareness

Impact of an attack on the business

Marc Vael CONFENIS
ISACA September 2012
9

Information Security (Un)Awareness

People are the weakest link.
You can have the best technology,
firewalls, intrusion-detection systems,
biometric devices - and somebody
can call an unsuspecting employee.
That's all she wrote, baby.
They got everything.
Kevin Mitnick, ex hacker, IT security consultant.

Marc Vael CONFENIS
ISACA September 2012
10

Information Security (Un)Awareness

Business Model for Information Security

Marc Vael CONFENIS
ISACA September 2012
11

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
12

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
13

Information Security (Un)Awareness

Managing risks appropriately

Marc Vael CONFENIS
ISACA September 2012
14

Information Security (Un)Awareness

Risk always exists!
(whether or not it is
detected / recognised
by the organisation).

Marc Vael CONFENIS
ISACA September 2012
15

Information Security (Un)Awareness

EDUCATION!

Marc Vael CONFENIS
ISACA September 2012
16

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
17

Information Security (Un)Awareness

Corporate governance : ERM = COSO

Support from Board of Directors &
Executive Management

Marc Vael CONFENIS
ISACA September 2012
18

Information Security (Un)Awareness

Policies & Standards

Project Management
Marc Vael CONFENIS
ISACA September 2012
19

Information Security (Un)Awareness

Providing proper funding

Providing proper resources
Marc Vael CONFENIS
ISACA September 2012
20

Information Security (Un)Awareness

Measuring performance

Review / Audit
Marc Vael CONFENIS
ISACA September 2012
21

Information Security (Un)Awareness

Your security solution
is as strong …

… as its weakest link

Marc Vael CONFENIS
ISACA September 2012
22

Information Security (Un)Awareness

Marc Vael CONFENIS
ISACA September 2012
23

Information Security (Un)Awareness

www.isaca.org/knowledgecenter

Marc Vael CONFENIS
ISACA September 2012
24

Information Security (Un)Awareness

www.isaca.org/cobit

For more information…
Marc Vael
International Vice-President
Chairman of the Knowledge Board

ISACA

http://www.isaca.org/

marc@vael.net
http://www.linkedin.com/in/marcvael
@marcvael

Marc Vael CONFENIS
ISACA September 2012
25

Más contenido relacionado

Más de CONFENIS 2012

Understanding the role of knowledge management during the ERP implementation ...

CONFENIS 2012

Effect of ERP implementation on the company efficiency - A Macedonian case

CONFENIS 2012

User perceptions, motivations and implications on ERP usage: An Indian Higher...

CONFENIS 2012

Enterprise Information Systems Security: A Case Study in the Banking Sector

CONFENIS 2012

[Dutch] ICT & Ryhove: een geslaagd huwelijk?

CONFENIS 2012

[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?

CONFENIS 2012

[Dutch] E-commerce en ERP

CONFENIS 2012

[Dutch] Sociale media en crisiscommunicatie

CONFENIS 2012

[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...

CONFENIS 2012

[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012

CONFENIS 2012

[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...

CONFENIS 2012

[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...

CONFENIS 2012

[Dutch] Software is een middel, geen doel!

CONFENIS 2012

What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove

CONFENIS 2012

[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...

CONFENIS 2012

Group preference aggregation based on ELECTRE methods for ERP system selection

CONFENIS 2012

A Multicriteria Model for Strategic Implementation of Business Process Manage...

CONFENIS 2012

Some Considerations on Contracts ERP Buyer-Seller perspective

CONFENIS 2012

A Decision Support System Based on RCM Approach to Define Maintenance Strategies

CONFENIS 2012

Evolutionary Approach for EIS Strategy Decision Making Framework and Efficien...

CONFENIS 2012

Más de CONFENIS 2012 (20)

Understanding the role of knowledge management during the ERP implementation ...

Effect of ERP implementation on the company efficiency - A Macedonian case

User perceptions, motivations and implications on ERP usage: An Indian Higher...

Enterprise Information Systems Security: A Case Study in the Banking Sector

[Dutch] ICT & Ryhove: een geslaagd huwelijk?

[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?

[Dutch] E-commerce en ERP

[Dutch] Sociale media en crisiscommunicatie

[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...

[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012

[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...

[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...

[Dutch] Software is een middel, geen doel!

What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove

[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...

Group preference aggregation based on ELECTRE methods for ERP system selection

A Multicriteria Model for Strategic Implementation of Business Process Manage...

Some Considerations on Contracts ERP Buyer-Seller perspective

A Decision Support System Based on RCM Approach to Define Maintenance Strategies

Evolutionary Approach for EIS Strategy Decision Making Framework and Efficien...

Último

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Architecting Cloud Native Applications

WSO2

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

ICT role in 21st century education and its challenges

rafiqahmad00786416

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Exploring Multimodal Embeddings with Milvus

Zilliz

MINDCTI Revenue Release Quarter One 2024

MIND CTI

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

DBX First Quarter 2024 Investor Presentation

Dropbox

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Samir Dash

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Introduction to use of FHIR Documents in ABDM

Kumar Satyam

Information security (un)awareness by Marc Vael

1. Information Security (Un)Awareness Information Security (un)awareness Marc Vael International Vice-President “My management just does not “get” information security!” Anonymous CISO of a large financial institution Marc Vael CONFENIS ISACA September 2012 1

2. Information Security (Un)Awareness “I am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.” Anonymous manager working in an insurance company “Management has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.” Anonymous CISO of a multinational service organisation Marc Vael CONFENIS ISACA September 2012 2

3. Information Security (Un)Awareness “Sure, I support information security, but my people need to work and make money.” Anonymous CEO of a retailer “Our information security department keeps getting more tools, but I do not think we are any more secure.” Anonymous CRO of a large financial institution Marc Vael CONFENIS ISACA September 2012 3

4. Information Security (Un)Awareness “Security policy is one thing. Reality is another.” Anonymous COO from a consulting company “All that information security people do is say “No!”. They should learn how we really work. Angry manager of a governmental agency Marc Vael CONFENIS ISACA September 2012 4

5. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 5

6. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 6

7. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 7

8. Information Security (Un)Awareness Cyberwarfare is "the fifth domain of warfare“ Marc Vael CONFENIS ISACA September 2012 8

9. Information Security (Un)Awareness Impact of an attack on the business Marc Vael CONFENIS ISACA September 2012 9

10. Information Security (Un)Awareness People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything. Kevin Mitnick, ex hacker, IT security consultant. Marc Vael CONFENIS ISACA September 2012 10

11. Information Security (Un)Awareness Business Model for Information Security Marc Vael CONFENIS ISACA September 2012 11

12. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 12

13. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 13

14. Information Security (Un)Awareness Managing risks appropriately Marc Vael CONFENIS ISACA September 2012 14

15. Information Security (Un)Awareness Risk always exists! (whether or not it is detected / recognised by the organisation). Marc Vael CONFENIS ISACA September 2012 15

16. Information Security (Un)Awareness EDUCATION! Marc Vael CONFENIS ISACA September 2012 16

17. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 17

18. Information Security (Un)Awareness Corporate governance : ERM = COSO Support from Board of Directors & Executive Management Marc Vael CONFENIS ISACA September 2012 18

19. Information Security (Un)Awareness Policies & Standards Project Management Marc Vael CONFENIS ISACA September 2012 19

20. Information Security (Un)Awareness Providing proper funding Providing proper resources Marc Vael CONFENIS ISACA September 2012 20

21. Information Security (Un)Awareness Measuring performance Review / Audit Marc Vael CONFENIS ISACA September 2012 21

22. Information Security (Un)Awareness Your security solution is as strong … … as its weakest link Marc Vael CONFENIS ISACA September 2012 22

23. Information Security (Un)Awareness Marc Vael CONFENIS ISACA September 2012 23

24. Information Security (Un)Awareness www.isaca.org/knowledgecenter Marc Vael CONFENIS ISACA September 2012 24

25. Information Security (Un)Awareness www.isaca.org/cobit For more information… Marc Vael International Vice-President Chairman of the Knowledge Board ISACA http://www.isaca.org/ marc@vael.net http://www.linkedin.com/in/marcvael @marcvael Marc Vael CONFENIS ISACA September 2012 25

Information security (un)awareness by Marc Vael

Recomendados

Recomendados

Más contenido relacionado

Más de CONFENIS 2012

Más de CONFENIS 2012 (20)

Último

Último (20)

Information security (un)awareness by Marc Vael