Information security awareness (sept 2012) bis handout
7 likesā¢1,793 views
This document discusses common challenges with information security from the perspective of various executives and IT professionals. It highlights issues such as lack of management support and understanding of security, non-compliance with security policies, insufficient resources and budget for security programs, and people being the weakest link for attacks. The document also emphasizes the importance of education, governance, risk management, project management, performance measurement, and regular reviews to effectively manage information security risks.
Information security awareness (sept 2012) bis handout
- 1. Information Security (un)awareness Marc Vael International Vice-President
- 2. āMy management just does not āgetā information security!ā Anonymous CISO of a large financial institution
- 3. āI am overwhelmed with all the passwords I have to remember. I just write them down & leave them with my executive assistant.ā Anonymous manager working in an insurance company
- 4. āManagement has authorized acquisition of security monitoring tools, but they did not give me any budget for people to do this monitoring.ā Anonymous CISO of a multinational service organisation
- 5. āSure, I support information security, but my people need to work and make money.ā Anonymous CEO of a retailer
- 6. āOur information security department keeps getting more tools, but I do not think we are any more secure.ā Anonymous CRO of a large financial institution
- 7. āSecurity policy is one thing. Reality is another.ā Anonymous COO from a consulting company
- 8. āAll that information security people do is say āNo!ā. They should learn how we really work. Angry manager of a governmental agency
- 16. Cyberwarfare is "the fifth domain of warfareā
- 17. Impact of an attack on the business
- 21. People are the weakest link. You can have the best technology, firewalls, intrusion-detection systems, biometric devices - and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything. Kevin Mitnick, ex hacker, IT security consultant.
- 24. Business Model for Information Security
- 31. Risk always exists! (whether or not it is detected / recognised by the organisation).
- 33. EDUCATION!
- 38. Corporate governance : ERM = COSO Support from Board of Directors & Executive Management
- 44. Review / Audit
- 46. Your security solution is as strong ā¦ ā¦ as its weakest link
- 52. For more informationā¦ Marc Vael International Vice-President Chairman of the Knowledge Board ISACA http://www.isaca.org/ [email protected] http://www.linkedin.com/in/marcvael @marcvael