Build a Security Awareness and Training Program


Your weakest link is between the keyboard and the chair.

End users are either the intentional or the unintentional cause of security threats for your organization. They are one of the largest vulnerabilities organizations face today:

- They are easily manipulated through malicious activities.
- They are then exploited in order to:
  - Steal information or data
  - Cause disruption or sabotage to an organization

Organizations invest huge capital into technology-based security controls while, in the meantime, end users will continue to be one of the weakest links.

The average cost of a data breach due to human error was approximately $160 per record compromised.
Source: Ponemon Institute, 2014 Cost of a Data Breach

Of organizations, 19% found that the cost of a social engineering incident was more than $100,000. For organizations with more than 5,000 employees, this increased to 30%.
Source: Ponemon Institute, 2014 Cost of a Data Breach

Over 95% of all security incidents investigated recognized human error as a contributing factor.
Source: IBM Security Services 2014 Cyber Security Intelligence Index

Of companies, 55% indicated that they believe privileged users were the biggest internal threat to corporate data.
Source: 2015 Vormetric Insider Threat Report

There are three main areas that security needs to focus on: technology, process, people

Most organizations are aware of these three areas; however, many focus purely on the technology and process aspects. The resources and budget spent on the people aspect of security pale in comparison to process and technology. For any organization to succeed with its technology- and process-related controls, the people need to be security aware and trained.

Develop your security awareness and training program using an agile methodology. For the most effective results, apply the software agile development methodology to your security awareness and training program, focusing on the continual delivery of customized modules delivered to staff in smaller portions.

Security policies are your foundation. For any security awareness and training to be effective, it must be rooted in organizational security policies.

Test your end users. Any sort of mock or simulated testing of end users’ susceptibility to exploitation can prove highly informative to your program.

Test continually. Remind your end users that security is a priority for the entire organization and should be something that is part of every employee’s responsibilities.

http://www.infotech.com/research/ss/build-a-security-awareness-and-training-program