The challenge of
security awareness
Garry Scobie, deputy CISO,
The University of Edinburgh
Who am I?
• Garry Scobie
• Deputy CISO
• The University of Edinburgh
2 The challenge of security awareness
Agenda
• Identifying the challenges to
overcome when introducing a
security awareness program
• An overview of real-life attacks on
the organisation; making the
abstract, concrete, helping to shape
our thinking on awareness training
• Suggested solutions using the
current awareness program at
The University of Edinburgh as
an example
Security breaches commonplace
• Compromises resulting in
loss of data are announced
almost weekly
• Huge numbers of accounts
are up for sale
• It’s commonplace
Why bother?
• Users may rightly ask why bother
with security?
• Some believe it doesn’t apply to them
• “I’m going to be hacked anyway”
• “I’ve nothing important to lose”
• “Mandatory security training? But I’m a …”
• “We have clever people. They won’t
be phished”
A challenging environment
• I see a lot of good practice
• Others, however…
• “Do I have to ask suppliers about
their security?”
• “Are there any loopholes in GDPR
that I can use to get around it?”
• “Can we just not bother?”
How do we make people aware?
• We can spend a fortune on
technical controls
• We can write policies and procedures
• But if someone is phished…
• How do we educate in such
an environment?
• What are the challenges?
Challenge 1 - complexity
• The environment is complex
• Connecting everybody with everything
• Educating a non-security professional
about IoT? Too big, too difficult,
not interested
• Who reads terms and conditions, and
understands what they actually mean?
Challenge 2 - overload
• The sheer volume of data,
messages, things for people
to click on and access
• How is our message going to stand
out, let alone get through?
Challenge 3 - diversity and accessibility
• Everyone is important in helping all
of us to be more secure. Fostering
awareness cannot lose sight of this
• The message must appeal and be
understood by all. Be wary of jargon
• Is the awareness training you
provide accessible and achievable
by all your users?
• Different audiences – the message may
have to be modified. Tech vs non-tech
Challenge 4 - justifying budgets
• Security awareness must add value
• Not just be a drain on resources
• Competing against all other priorities
Challenge 5 - it’s not a tick box
• Security awareness is not a one-off
• Whatever you do has to be ongoing
• It’s a continual process of revisiting,
revising and reinforcing
Challenge 6 – a vast subject
• InfoSec remit covers a huge area
of policy, tech and guidance
• A common support call is “I’ve found
this piece of software. Is it okay to
use from an InfoSec perspective?”
Challenge 7 – image
• The image of Information Security needs
to change
• Pictures of hoodies with dark glasses in
basements are dated and turn people off
• InfoSec needs to be approachable
• Demystify
Challenge 8 - measuring effectiveness
• How do you know if your message is
getting across?
• Are you making a difference?
• How can you tell?
Challenge 9 – cultural change
• Ensure security awareness is
embedded and becomes the norm
for the organisation
• Rapid turnover of staff and students
is a challenge
• Long serving staff
• Not just being aware, but
understanding
The University of Edinburgh
• An internationally-acclaimed seat
of learning
• Reputation for research and as a
pioneer of discoveries and scientific
breakthroughs
• A major employer and a major player
in the City Deal Initiative
The university is a target
• Data theft – PII of staff and students
• Financial gain – handling of student fees;
large employer; contracts with third
parties; Research grants; City Deal
• Espionage – centres for research hold
valuable intellectual property – you name
it, it’s probably being researched
• These are highlighted in our
awareness program
Top cyber threats
• Lack of awareness
• Phishing
• Malware/Ransomware
• These are linked together
• Helps to shape our thinking on
awareness training
• Relating advice to real incidents helps to
make it real
Phishing
• There are deliveries every day, and emails
informing users of them
• Phishing typically delivers ransomware or
grabs credentials
• Don’t pay. Restore from backups
• Don’t read email or browse the web
while logged in with a privileged account
• Evidence suggests the top targets for phishing
attempts are research/medical
Spear and whale phishing
• Academics were concerned over phishing attacks
which they spotted, but how did the attackers get
that personal data about them?
• An academic’s online profile is full of useful data
• Biography, teaching and PhD supervision,
research, projects, publications
• Social engineering using social media
• We can’t hide away. Just be aware of what
you put out and be on guard whenever
someone new approaches you
Conferences
• Register for a ‘conference’ and an email is
then returned stating there is a problem with the
website handling the registration process
• The email contains an attachment, which is not
malware. The user is asked to fill in their details
• “We can arrange a discount via local hotels, so
fill in this form with your personal details
including passport number and credit card”
• Also spoofing of a genuine conference, claiming
the delegate hasn’t paid
Other phishing attacks
• Disk full alerts, email account upgraded or
suspended, routine maintenance in progress,
and you need to provide your credentials
• IT services would never do this
• Phone scams on the increase
• Texts
• Watering hole sites/fake domains
• Fake pages linked to library systems
Fraud
• Spear phishing – targeting key personnel
for urgent payments
• Mandate fraud – change of supplier bank
details, using a fake website to spoof the bank details,
so payment is received into a fake supplier bank account
• Spoofed invoices
• All the above prevented by internal controls
• Students giving money to “money advisers.”
Lottery scams. Accommodation scams
Bitcoin miners
• System compromises due to lack of, or
delay in, patching
• Bitcoin miner code searches for other
computers on the network and attempts
to compromise them
• Failure to patch can impact everyone
Freedom of information
• Legal requirement for public sector
• We have developed an understanding of
what we can say in respect of security
• You don’t want to map out your tech
• We are often asked how many cyber
attacks we have had
• We have also been asked how many of
the University’s properties are haunted
Physical security
• The University is very old and has a sprawling
mix of buildings. We are proud of our estate
and encourage openness
• Physical thefts do occur
• Clean desk policy
• Wear your lanyard, and be prepared to challenge
Cyber security cultural assessment
• Seven focus groups across a range
of schools and business units
• The themes of Empowerment, Awareness,
Values, Behaviours, Adherence,
Accountability, Responsibility, and
Cultural Norms were discussed
• Helped to benchmark and reinforce
the direction we were taking
• Staff want the information to enable
them to do the right thing
Focus groups - actions
• Communications – security working group
• InfoSec champions network – with training
• Review on-line training and
target awareness
• Refresh of guidance
• Multi-channel communication
campaign (use student interns)
• Raise empowerment
• Accountability
The way forward
• Users are our best defence
• Foster an environment that encourages
people to speak up, point out, challenge
• A no blame culture
• Consensus on what is important and
aligned to the business
• Assess the risks and partner with the
business in language everyone understands
• Partnership working
The way forward
• We provide policy and procedures around
the need to handle University data securely
• We also stress the need for users to handle
their own personal data in the same way
• Foster awareness by highlighting the data
they hold on family and friends
• Identity theft is real
The way forward
• Don’t be afraid to try different things and fail
• Buy-in from the top – invite your senior
team along
• GDPR champions network – use those
who do get it to help others get on board
• InfoSec champions network
• Make it fun - don’t turn your users off
• Enthusiasm can’t be faked.
Enjoy your subject
The way forward
• Look for quick wins. What can users
do to make them more secure?
• Automatic updates
• Think before you click
• AV on mobiles
• We pitch the training at every opportunity
The University of Edinburgh
• Teamed up with the digital skills program
• Security awareness week
• Fraud awareness week
• New staff welcome sessions
• Creative learning festival
– Medieval castles
– Victorian fan language
University awareness sessions
• The Internet survival guide
• Fraud, phishing and social engineering
• Why is InfoSec important to me and you?
• Practical encryption for staff and students
• Mobile phone security
• Ransomware
• Introduction to the InfoSec team
• Choosing software from an InfoSec view
• Hacking, cybercrime and the movies
MOOC
• Massive Open Online Courses
• Digital footprint initiative
• Three week online course which includes
developing an effective online presence,
managing your privacy, creating
opportunities for networking, balancing
and managing professional and personal
presences (e-professionalism)
The University of Edinburgh
• Mandatory on-line training
• Embedding security in projects
- Question sets for procurement
• Top tip flyers
• Active on social media
• Student interns – feedback on what
we are doing
The University of Edinburgh
• Focus groups
• Phishing simulation
• Merchandise and branding
• Developing podcasts
KPIs
• Increase in take up of training
• Increase in calls for advice and support
• Increased reports of phishing emails
• Engagement at project initiation
• Requests for vulnerability scans and
penetration tests
• Invitations to visit schools and colleges
• One school now starting their own internal
security awareness program
• College requests for additional awareness sessions
The challenge of security awareness
customerservices@jisc.ac.uk
jisc.ac.uk
Garry Scobie
Deputy CISO
The University of Edinburgh
Thank you
 
International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...International students’ digital experience: understanding and mitigating the ...
International students’ digital experience: understanding and mitigating the ...
 
Digital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptxDigital Storytelling Community Launch!.pptx
Digital Storytelling Community Launch!.pptx
 
Open Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptxOpen Access book publishing understanding your options (1).pptx
Open Access book publishing understanding your options (1).pptx
 
Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...Scottish Universities Press supporting authors with requirements for open acc...
Scottish Universities Press supporting authors with requirements for open acc...
 
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...How Bloomsbury is supporting authors with UKRI long-form open access requirem...
How Bloomsbury is supporting authors with UKRI long-form open access requirem...
 
Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023Jisc Northern Ireland Strategy Forum 2023
Jisc Northern Ireland Strategy Forum 2023
 
Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023Jisc Scotland Strategy Forum 2023
Jisc Scotland Strategy Forum 2023
 
Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023Jisc stakeholder strategic update 2023
Jisc stakeholder strategic update 2023
 
JISC Presentation.pptx
JISC Presentation.pptxJISC Presentation.pptx
JISC Presentation.pptx
 
Community-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptxCommunity-led Open Access Publishing webinar.pptx
Community-led Open Access Publishing webinar.pptx
 
The Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptxThe Open Access Community Framework (OACF) 2023 (1).pptx
The Open Access Community Framework (OACF) 2023 (1).pptx
 
Are we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptxAre we onboard yet University of Sussex.pptx
Are we onboard yet University of Sussex.pptx
 
JiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptxJiscOAWeek_LAIR_slides_October2023.pptx
JiscOAWeek_LAIR_slides_October2023.pptx
 
UWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptxUWP OA Week Presentation (1).pptx
UWP OA Week Presentation (1).pptx
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 
MarkChilds.pptx
MarkChilds.pptxMarkChilds.pptx
MarkChilds.pptx
 
RStrachanOct23.pptx
RStrachanOct23.pptxRStrachanOct23.pptx
RStrachanOct23.pptx
 
ISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptxISDX2 Oct 2023 .pptx
ISDX2 Oct 2023 .pptx
 
FerrellWalker.pptx
FerrellWalker.pptxFerrellWalker.pptx
FerrellWalker.pptx
 

The challenge of security awareness

1. The challenge of security awareness
Garry Scobie, deputy CISO, The University of Edinburgh

2. Who am I?
• Garry Scobie
• Deputy CISO
• The University of Edinburgh

3. Agenda
• Identifying the challenges to overcome when introducing a security awareness program
• An overview of real-life attacks on the organisation; making the abstract concrete, helping to shape our thinking on awareness training
• Suggested solutions using the current awareness program at The University of Edinburgh as an example

4. Security breaches commonplace
• Compromises resulting in loss of data are announced almost weekly
• Huge numbers of accounts are up for sale
• It’s commonplace

5. Why bother?
• Users may rightly ask why bother with security?
• Some believe it doesn’t apply to them
• “I’m going to be hacked anyway”
• “I’ve nothing important to lose”
• “Mandatory security training? But I’m a …”
• “We have clever people. They won’t be phished”

6. A challenging environment
• I see a lot of good practice
• Others, however…
• “Do I have to ask suppliers about their security?”
• “Are there any loopholes in GDPR that I can use to get around it?”
• “Can we just not bother?”

7. How do we make people aware?
• We can spend a fortune on technical controls
• We can write policies and procedures
• But if someone is phished…
• How do we educate in such an environment?
• What are the challenges?

8. Challenge 1 - complexity
• The environment is complex
• Connecting everybody with everything
• Educating a non-security professional about IoT? Too big, too difficult, not interested
• Who reads the terms and conditions, and understands what they actually allow?
9. Challenge 2 - overload
• The sheer volume of data, messages and things for people to click on and access
• How is our message going to stand out, let alone get through?

10. Challenge 3 - diversity and accessibility
• Everyone is important in helping all of us to be more secure. Fostering awareness cannot lose sight of this
• The message must appeal to, and be understood by, everyone. Be wary of jargon
• Is the awareness training you provide accessible and achievable by all your users?
• Different audiences: the message may have to be adapted for technical and non-technical staff

11. Challenge 4 - justifying budgets
• Security awareness must add value
• Not just be a drain on resources
• Competing against all other priorities

12. Challenge 5 - it’s not a tick box
• Security awareness is not a one-off
• Whatever you do has to be ongoing
• It’s a continual process of revisiting, revising and reinforcing

13. Challenge 6 – a vast subject
• The InfoSec remit covers a huge area of policy, technology and guidance
• A common support call is “I’ve found this piece of software. Is it okay to use from an InfoSec perspective?”

14. Challenge 7 – image
• The image of Information Security needs to change
• Pictures of hoodies with dark glasses in basements are dated and turn people off
• InfoSec needs to be approachable
• Demystify

15. Challenge 8 - measuring effectiveness
• How do you know if your message is getting across?
• Are you making a difference?
• How can you tell?

16. Challenge 9 – cultural change
• Ensure security awareness is embedded and becomes the norm for the organisation
• Rapid turnover of staff and students is a challenge
• Long-serving staff
• Not just being aware, but understanding
17. The University of Edinburgh
• An internationally-acclaimed seat of learning
• Reputation for research and as a pioneer of discoveries and scientific breakthroughs
• A major employer and a major player in the City Deal Initiative

18. The university is a target
• Data theft: PII of staff and students
• Financial gain: handling of student fees; large employer; contracts with third parties; research grants; City Deal
• Espionage: centres for research hold valuable intellectual property. You name it, it’s probably being researched
• These are highlighted in our awareness program

19. Top cyber threats
• Lack of awareness
• Phishing
• Malware/ransomware
• These are linked together
• Helps to shape our thinking on awareness training
• Relating advice to real incidents helps to make it concrete

20. Phishing
• There are deliveries every day, and emails informing users of them: a ready-made lure
• Phishing typically delivers ransomware or harvests credentials
• Don’t pay. Restore from backups
• Don’t read email or browse the web while logged in with a privileged account
• Evidence suggests the top targets for phishing attempts are research and medical staff

21. Spear and whale phishing
• Academics who spotted phishing attacks were concerned: how did the attackers get that personal data about them?
• An academic’s online profile is full of useful data
• Biography, teaching and PhD supervision, research, projects, publications
• Social engineering using social media
• We can’t hide away. Just be aware of what you put out and be on guard whenever someone new approaches you

22. Conferences
• Register for a ‘conference’ and an email comes back stating there is a problem with the website handling the registration process
• The email contains an attachment, which is not malware: the user is asked to fill in their details
• “We can arrange a discount via local hotels, so fill in this form with your personal details including passport number and credit card”
• Also spoofing of a genuine conference, claiming the delegate hasn’t paid

23. Other phishing attacks
• Disk-full alerts, email account upgraded or suspended, routine maintenance for which you need to provide your credentials
• IT Services would never ask for credentials this way
• Phone scams are on the increase
• Texts
• Watering hole sites/fake domains
• Fake pages linked to library systems

24. Fraud
• Spear phishing: targeting key personnel with requests for urgent payments
• Mandate fraud: a request to change a supplier’s bank details, with a fake website used to make the new details look genuine, so that payments go to an account the fraudster controls
• Spoofed invoices
• All of the above were prevented by internal controls
• Students giving money to “money advisers”; lottery scams; accommodation scams

25. Bitcoin miners
• System compromises caused by missing or delayed patching
• The miner code scans for other computers on the network and attempts to compromise them
• One unpatched machine can affect everyone

26. Freedom of information
• Legal requirement for the public sector
• We have developed an understanding of what we can say in respect of security
• You don’t want to map out your tech
• We are often asked how many cyber attacks we have had
• We have also been asked how many of the University’s properties are haunted

27. Physical security
• The University is very old and has a sprawling mix of buildings. We are proud of our estate and encourage openness
• Physical thefts do occur
• Clean desk policy
• Wear your lanyard, and be prepared to challenge anyone who isn’t
28. Cyber security cultural assessment
• Seven focus groups across a range of schools and business units
• The themes of Empowerment, Awareness, Values, Behaviours, Adherence, Accountability, Responsibility and Cultural Norms were discussed
• Helped to benchmark and reinforce the direction we were taking
• Staff want the information to enable them to do the right thing

29. Focus groups - actions
• Communications: security working group
• InfoSec champions network, with training
• Review online training and target awareness
• Refresh of guidance
• Multi-channel communication campaign (use student interns)
• Raise empowerment
• Accountability

30. The way forward
• Users are our best defence
• Foster an environment that encourages people to speak up, point out, challenge
• A no-blame culture
• Consensus on what is important and aligned to the business
• Assess the risks and partner with the business in language everyone understands
• Partnership working

31. The way forward
• We provide policy and procedures around the need to handle University data securely
• We also stress the need for users to handle their own personal data in the same way
• Foster awareness by highlighting the data they hold on family and friends
• Identity theft is real

32. The way forward
• Don’t be afraid to try different things and fail
• Buy-in from the top: invite your senior team along
• GDPR champions network: use those who do get it to help others get on board
• InfoSec champions network
• Make it fun; don’t turn your users off
• Enthusiasm can’t be faked. Enjoy your subject

33. The way forward
• Look for quick wins. What can users do to make themselves more secure?
• Automatic updates
• Think before you click
• Anti-virus on mobiles
• We pitch the training at every opportunity

34. The University of Edinburgh
• Teamed up with the digital skills program
• Security awareness week
• Fraud awareness week
• New staff welcome sessions
• Creative learning festival: medieval castles; Victorian fan language

35. University awareness sessions
• The Internet survival guide
• Fraud, phishing and social engineering
• Why is InfoSec important to me and you?
• Practical encryption for staff and students
• Mobile phone security
• Ransomware
• Introduction to the InfoSec team
• Choosing software from an InfoSec view
• Hacking, cybercrime and the movies

36. MOOC
• Massive Open Online Courses
• Digital footprint initiative
• Three-week online course which includes developing an effective online presence, managing your privacy, creating opportunities for networking, and balancing and managing professional and personal presences (e-professionalism)

37. The University of Edinburgh
• Mandatory online training
• Embedding security in projects: question sets for procurement
• Top tip flyers
• Active on social media
• Student interns: feedback on what we are doing

38. The University of Edinburgh
• Focus groups
• Phishing simulation
• Merchandise and branding
• Developing podcasts

39. KPIs
• Increase in take-up of training
• Increase in calls for advice and support
• Increased reports of phishing emails
• Engagement at project initiation
• Requests for vulnerability scans and penetration tests
• Invitations to visit schools and colleges
• One school now starting their own internal security awareness program
• College requests for additional awareness sessions
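Slide 15 asks how you can tell whether the message is getting across, and slides 38 and 39 answer it with a phishing simulation and the KPI "increased reports of phishing emails". The block below is an added example of turning simulation results into those KPIs; it is not the University of Edinburgh's code, and the two campaigns of ten recipients are constructed data. The metric names (click rate, report rate, report-before-click rate, time to first report) are the editor's choice of commonly used ones, not KPIs the deck defines.

```python
"""Phishing-simulation KPIs for an awareness programme.

Added example, not code from the University of Edinburgh's programme.
The campaign data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Recipient:
    """One recipient of a simulated phish. A timestamp is None when the
    recipient never took that action."""
    user: str
    sent: datetime
    clicked: Optional[datetime] = None
    reported: Optional[datetime] = None


def campaign_kpis(recipients):
    """KPIs for one campaign: click rate, report rate, the share who reported
    before (or instead of) clicking, and how quickly reports arrived."""
    n = len(recipients)
    if n == 0:
        raise ValueError("campaign has no recipients")
    clicked = [r for r in recipients if r.clicked is not None]
    reported = [r for r in recipients if r.reported is not None]
    # Reporting before clicking (or without clicking at all) is the behaviour
    # the programme is trying to grow: the user recognised the lure first.
    reported_first = [r for r in reported
                      if r.clicked is None or r.reported < r.clicked]
    delays = sorted(r.reported - r.sent for r in reported)
    if not delays:
        median_delay = None
    elif len(delays) % 2:
        median_delay = delays[len(delays) // 2]
    else:
        mid = len(delays) // 2
        median_delay = (delays[mid - 1] + delays[mid]) / 2
    return {
        "recipients": n,
        "click_rate": len(clicked) / n,
        "report_rate": len(reported) / n,
        "report_before_click_rate": len(reported_first) / n,
        "time_to_first_report": delays[0] if delays else None,
        "median_time_to_report": median_delay,
    }


def campaign_trend(campaigns):
    """One row per campaign, in order, with the change in click and report
    rate since the previous campaign and whether both moved the right way
    (reports up, clicks down). The first campaign has nothing to compare to."""
    rows, previous = [], None
    for name, recipients in campaigns:
        kpis = campaign_kpis(recipients)
        row = {"campaign": name, **kpis, "click_rate_delta": None,
               "report_rate_delta": None, "improving": None}
        if previous is not None:
            row["click_rate_delta"] = kpis["click_rate"] - previous["click_rate"]
            row["report_rate_delta"] = kpis["report_rate"] - previous["report_rate"]
            row["improving"] = (row["click_rate_delta"] < 0
                                and row["report_rate_delta"] > 0)
        rows.append(row)
        previous = kpis
    return rows


def make_recipients(sent, events):
    """Build Recipient records from (user, click_minutes, report_minutes)
    tuples, where None means that action never happened."""
    def at(minutes):
        return None if minutes is None else sent + timedelta(minutes=minutes)
    return [Recipient(user, sent, at(click), at(report))
            for user, click, report in events]


# Constructed sample data: two campaigns of ten recipients each.
CAMPAIGNS = [
    ("2019-Q1", make_recipients(datetime(2019, 3, 4, 9, 0), [
        ("u01", 5, None), ("u02", 12, 20), ("u03", None, 3), ("u04", None, None),
        ("u05", 40, None), ("u06", None, None), ("u07", 2, None), ("u08", None, None),
        ("u09", None, 30), ("u10", 8, 6)])),
    ("2019-Q2", make_recipients(datetime(2019, 6, 3, 9, 0), [
        ("u01", None, 4), ("u02", None, 9), ("u03", None, 2), ("u04", None, None),
        ("u05", 15, 16), ("u06", None, 25), ("u07", 3, None), ("u08", None, None),
        ("u09", None, 7), ("u10", None, None)])),
]

if __name__ == "__main__":
    for row in campaign_trend(CAMPAIGNS):
        print(f"{row['campaign']}: clicked {row['click_rate']:.0%}, "
              f"reported {row['report_rate']:.0%}, "
              f"reported before clicking {row['report_before_click_rate']:.0%}, "
              f"median time to report {row['median_time_to_report']}, "
              f"improving: {row['improving']}")
```

Report rate, not click rate, is the number to watch, which is why the deck's KPI is "increased reports of phishing emails": click rate is largely a measure of how convincing that particular lure was, so it only means something when compared between campaigns of similar difficulty, whereas a rising share of people who report before anyone clicks is direct evidence that the awareness message landed. The time-to-first-report figure matters operationally too, since it bounds how long a real phish would circulate before the InfoSec team hears of it.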
40. The challenge of security awareness