Information security awareness – a case study

January 5, 2018 | Author: Anonymous | Category: Engineering & Technology, Computer Science, Information Security

3rd Information Security and Cyber Defence Conference
Ms. Anett MÁDI-NÁTOR
National Security Authority of Hungary
Head of Information Security Awareness
“How information security awareness programs are able to change corporate mind-set – a case study”
2013 Balatonőszöd

Table of contents
Multi-level awareness
The case
The study
The evaluation
The conclusion

Multi-level awareness
Privileged users
Normal users
System administrators
System developers
Information security awareness trainers

The case
A regionally significant service provider
More than 6000 employees
More than 43 million clients
More than 65 million $ revenue
Decision makers
Users
IT experts
1 month

The study
Professional content of training – system hardening methods including UNIX, Windows, and network aspects
Pre-session and post-session questionnaire for assessing the change of security awareness level

Analysis of answers is based on statistical methods

Measuring effectiveness of training itself

Willingness to participate in further information security awareness trainings (ratio of willingness)
Pre-session: 89%
Post-session: 100%

How safe the IT system of the company is considered by experts managing it (ratio of experts)
Pre-session: Not safe 15%, Safe 69%, Very safe 16%
Post-session: Not safe 18%, Safe 82%, Very safe 0%

Would you introduce new/additional security measures to protect corporate business data? (ratio of experts)
Pre-session: Yes 88%, No 12%
Post-session: Yes 92%, No 8%

Introducing new security measures to protect data on client phones (ratio of experts)
Pre-session: Yes 59%, No 41%
Post-session: Yes 42%, No 58%

Demand for improving IT security on corporate level (ratio of experts)
Pre-session: Yes 59%, No 41%
Post-session: Yes 73%, No 27%

The evaluation
Commitment to professional trainings
Company IT system is considered less secure than before
A more structured view of security, relying on the IT Security Dept.
A more concise view of system weaknesses
A need for change regarding the IT security concept

The conclusion
Focus of experts moves to company- and corporate-level security from securing end-user devices
Growing demand for expert knowledge transfer

Solution-driven information security approach in practice

3rd Information Security and Cyber Defence Conference

Thank you for your attention (and the fish)

2013 Balatonőszöd
