
25 tips & tricks

25 Examples of what you should not do

March 2009

Mr. Marc Vael


Managing Director
Valuendo

© 2009 Valuendo. All rights reserved.


INFORMATION CLASSIFICATION = PUBLIC

Agenda

• Introduction
• Concept
• 25 Statements
• Conclusion


Marc Vael InfoSecurity 2009


Valuendo March 2009

Introduction
• Marc Vael
• Managing Director Valuendo (“value & do”) since July 2001
• Education
– Master Applied Economics (UAntwerp)
– Master Information Management (UHasselt)
– Master+ Applied Economics & ICT (KUL)
• Core Services
– Enterprise Risk Management
– IT Governance
– Information Security Management
– Data Privacy & Protection
– Business Continuity / Disaster Recovery
– Crisis Management
– IT Audit & Compliance
• Certifications in good standing
– CISA / CISM / CISSP / ITIL Service Manager


Concept

• First : Statement
• Second : Voting on your current experience


Test : The economic crisis has no impact on the way we handle security

• Fully Agree
• Do not agree
• Don’t know really


Lesson 1 : Security > Business needs

• Yes
• Not always
• No


Lesson 2 : It is the CISO who is driving security in our organisation

• Of course.
• No, the real driver is someone else
• I’m not sure


Lesson 3 : Security budget is easy to calculate and to defend/present

• Absolutely
• Difficult to calculate, but easy to defend / present
• Not really


Lesson 4 : The security vision is understood by everyone

• Yes and we even have checked this
• We hope so
• No


Lesson 5 : Everybody understands security terminology used

• Yes we know and we even have a glossary
• We hope so
• No


Lesson 6 : Security and risk management are two different professions

• Yes
• No
• Don’t know really


Lesson 7 : People recognize security incidents

• Yes and we even have tested this
• We hope so
• No


Lesson 8 : People know how to classify and secure their information

• Yes and we even have tested this
• We hope so
• No


Lesson 9 : Security audits are essential to determine what’s wrong

• Yes
• We hope so
• No


Lesson 10 : Security awareness posters are the most effective tool

• Yes and we even have checked this
• We hope so
• No


Lesson 11 : People remember all passwords & pin-codes

• Yes and we even have checked this
• We hope so
• No


Lesson 12 : People always select a strong password

• Yes and we even enforce this
• We hope so
• No


Lesson 13 : People lock their PC information via screen saver

• Yes and we even have checked this
• We hope so
• No


Lesson 14 : People respect clean desk policy

• Yes and we even have checked this
• We hope so
• No


Lesson 15 : People always use the security tools we give them

• Yes and we even have checked this
• We hope so
• No


Lesson 16 : IT people give the good example of respecting security rules

• Yes and we even have checked this
• We hope so
• No


Lesson 17 : People only use official authorized software

• Yes and we even have tested this
• We hope so
• No


Lesson 18 : Only naughty people get naughty spam mails

• Yes
• No
• Don’t know really


Lesson 19 : Only dumb people fall for phishing scams / mails

• Yes
• No
• Don’t know really


Lesson 20 : People mention their backups in their OOO when unavailable

• Yes
• No
• Don’t know really


Lesson 21 : People suggest alternative communication channels when unavailable

• Yes
• No
• Don’t know really


Lesson 22 : People know & respect security rules when at other companies

• Yes
• No
• Don’t know really


Lesson 23 : People need full internet access for professional reasons

• Yes
• No
• Don’t know really


Lesson 24 : People know how to secure their wired & wireless network access

• Yes
• No
• Don’t know really


Lesson 25 : Security is still better on paper than on digital format

• Yes
• No
• Don’t know really


Conclusion


Contact information
Mr. Marc Vael, CISA, CISM, CISSP, ITIL
Managing Director
Valuendo
Kriebrugstraat 33
1760 Roosdaal
Belgium
T: +32 5 433 61 93
M: +32 473 99 30 31
M: mvael@valuendo.com
W: www.valuendo.com
