
Security Education and Awareness Group - SIG Kelley Archer, CISSR MN-ISSA, SEAG Facilitator,...

Date post: 23-Dec-2015
Security Education and Awareness Group - SIG Kelley Archer, CISSR MN-ISSA, SEAG Facilitator, Distinguished Fellow, ISSA Ethics Committee, Director Information Security, AIMIA Inc.

Security Education and Awareness Group - SIG

Kelley Archer, CISSR MN-ISSA, SEAG Facilitator, Distinguished Fellow, ISSA Ethics Committee, Director Information Security, AIMIA Inc.


• The SEAG has been successful during this last year and is growing in participants as well as improved content.

• For 2015 and beyond what can SEAG provide that will help in developing and/or maintaining an Information Security, Education, Training, Awareness Program.
  – How can this be done with minimal staff and dollars while being a requirement for almost every audit?

• The Security Awareness Group site is a repository for sharing knowledge, experience, methodologies regarding IT Security Education, Awareness and Training Programs. To join this group please login to your account, go to the group site and click the join here link.


Agenda

• SEAG web site: http://www.issa.org/members/group.aspx?id=106836

• VISION – Establish the ISSA Security Education Awareness Group site as a repository for sharing knowledge, experience, methodologies regarding IT Security Education, Awareness and Training Programs.

• Develop tools that can be shared and used by all ISSA members, in order to develop and implement IT Security Education and Awareness Programs for their respective organizations.

• To join this group, log into your ISSA account and then click on the "join group" button located at the center/top of the page. Group members will help build the content on the site, collaborate on educational programs and receive special notifications on meetings and other activities.


Forums on web site

• Group Meetings

• Training Ideas

• Training and Course Vendors

• Informational sites/articles

• Posters

• Screen Savers

• Games

• Trinket ideas and vendors


Group Meetings

• SEAG Group next meeting is Wednesday, Nov. 5. 8-9:30 am CST in person or via live webinar

• Location of meetings is Health Partners in Bloomington, MN

• Next meeting speaker scheduled is Marc Schandal, BCBS MN

• 2015 Group to meet quarterly


Training Ideas

• LMS
  – Expensive but easier to manage ‘all in one’ package
  – Webinars
  – Kiosks
  – Contests
    • Poster
    • Security Jeopardy
    • Other
  – FAQ’s handouts
  – Brown Bag lunch and learn


Training and Course Vendors

• US Security Awareness

• Wombat

• Mediapro

• Trustwave

• NSI/National Security Institute

• eLearningCorner

• Terranova


Informational Sites/Articles

• M.E. Thomson – INFOSEC Awareness educating your users

• Establishing a successful security awareness program

• Five dimensions of INFOSEC Awareness

• And more…..


Posters & Screen Savers

• CMS Illinois Dept. of Central Mg Services

• MindfulSecurity.com

• Poster Contest – 2013

• US Dept. of Commerce

• SEL

• Native Intelligence, Inc.

• Screen Saver – SnapComms – http://www.snapcomms.com/solution/employee-security-awareness


Games

• Security Jeopardy – Demonstration

• Security Tic Tac Toe

• Security I’ve got a Secret

• Clue


Trinket Ideas & Vendors

• www.primeline.com

• www.themagnetgroup.com

• www.norwood.com

• www.bulletline.com
  – All for under $2.00 each
    • Stress ball – color globe
    • Anti-bacteria wipes
    • Touch stylus cleaner
    • Magic Answer Pen
    • Lite Tight Screwdriver set
    • Tissue box


How they get your information

• High Tech methods
  – Credit/Debit Card theft
  – Skimming – device under apron or at gas pumps
  – Pretexting – a form of social engineering
  – Man-in-the-Middle – intercept of communication
  – Phishing – Most common methods
    • Pharming – tamper w/web site, redirect user
    • Vishing – voice phishing/robo calls
    • Search Engine Phishing – Too good to be true offer on web site
    • SMiShing – Spam text message posing as legitimate org.
    • Malware Based Phishing – attach a harmful program
    • Phishing through Spam – also known as spammer, sends offers
    • Spear Phishing – email phishing focused at businesses, e.g. IT Tech support


Example Phishing emails

Dear Customer::

For your security, access to Online Banking has been locked because the number of attempts to sign in exceeded the number allowed. To regain access to your internet banking, Please update and select the Reset Account link. below.

We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account.

To access and activate your account, simply click the link below.

www.bankofamerica.com/onlinebanking/index.php?id=zxdj9b32wx

The entire activation should take only 5 minutes of your time. Please complete the activation by now.

Thank you for using Online Banking.

Bank Of Ameria Alerts

If you no longer wish to receive these e-mails, please click on this link:www.bankofamerica.com/onlinebanking/index.php?id=deactivate


QUESTIONS?????
