cyber security awareness

ramirocid.com [email protected] Twitter: @ramirocid Ramiro Cid | @ramirocid Cyber Security Awareness

Upload: ramiro-cid

Post on 26-Jun-2015


DESCRIPTION

Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect myself from cyber attacks? How to create an IT Security Awareness Plan?

TRANSCRIPT

Page 1: Cyber Security Awareness


Ramiro Cid | @ramirocid

Cyber Security Awareness

Page 2: Cyber Security Awareness


Index

1. Introduction to Cyber Security Page 3

2. Why is Cyber Security important? Page 4

3. What do I have to do to protect myself from cyber attacks? Page 5

4. How to create an IT Security Awareness Plan? Page 7

5. Sources used and websites to expand knowledge Page 11

Page 3: Cyber Security Awareness


Introduction to Cyber Security

Cybersecurity, also known as “IT security” or “computer security”, is information security applied to computing devices such as servers, computers and mobile devices (such as smartphones and tablets), as well as to computer networks, both private and public, including the whole Internet.

Network outages, data compromised by hackers, social attacks, computer viruses and other security incidents could affect our lives in ways that range from inconvenient to life-threatening. As the number of mobile users and devices, web applications and data networks increases, so do the opportunities for exploitation.

The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide.

Page 4: Cyber Security Awareness


Why is Cyber Security important?

Governments, military, private corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across their networks (and also across the networks of external suppliers and customers) to other computers.

With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as to safeguard national security and personal data.

Nowadays, the nation's top intelligence officials warn that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.

Page 5: Cyber Security Awareness


What do I have to do to protect myself from cyber attacks?

• Common sense (the least common of the senses) is something we have to use (in addition to IT security best practices, of course), but people do not always use it properly.

• There are different countermeasures, depending on the asset to protect and the different vulnerabilities which could affect it. Depending on the case, you must use one or another.

• In a corporate environment it is good practice to split the responsibilities between IT management and IT security management. This is not always possible in small companies or areas.

Page 6: Cyber Security Awareness


What do I have to do to protect myself from cyber attacks?

• Companies which want to have proper IT security awareness need to develop a plan to roll out training about this awareness.

• People are often the weak link in the chain in IT security. The best technical security efforts will fail if the company has a weak security culture.

Page 7: Cyber Security Awareness


How to create an IT Security Awareness Plan?

There are different ways to do it; here I will explain one:

1. C-Level support

Awareness programs that obtain C-level support are more successful. Top management has to give its support to this process. This support inevitably leads to more freedom, larger budgets and support from other departments.

2. Partnering with key departments

Successful awareness programs found a way to involve other departments, such as legal, compliance, human resources, marketing, privacy and physical security.

Page 8: Cyber Security Awareness


How to create an IT Security Awareness Plan?

3. Creativity

Creativity is a must. While a large budget helps, companies with a small security awareness budget have still been able to establish successful programs. Creativity and enthusiasm can make up for a small budget.

4. Metrics

One of the key factors in having a successful effort is being able to prove that your effort is successful. The only way to do this is to collect metrics prior to initiating new awareness efforts.

Page 9: Cyber Security Awareness


How to create an IT Security Awareness Plan?

5. Department of how

Awareness efforts that focus on how to accomplish actions are more successful than those that focus on telling people that they should not be doing things.

6. 90-day plans

Most security awareness programs follow a one-year plan. Those plans also attempt to cover one topic a month. This is ineffective, as it does not reinforce knowledge, and does not allow for feedback or to account for ongoing events.

Page 10: Cyber Security Awareness


How to create an IT Security Awareness Plan?

7. Multimodal awareness materials

The most successful programs are not only creative; they rely on many forms of awareness materials. While there is a potential place for learning management system training modules, too many programs rely on them completely as an awareness program.

Page 11: Cyber Security Awareness


Sources used and websites to expand knowledge

• “What is Cyber Security?” – UMUC | URL: http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm

• “IT Security Review: Privacy, Protection, Access Control, Assurance and System Security” | URL: http://www.sersc.org/journals/IJMUE/vol2_no2_2007/2.pdf

• Wikipedia | URL: http://en.wikipedia.org/wiki/Computer_security

• “The 7 elements of a successful security awareness program” | URL: http://www.csoonline.com/article/2133408/network-security/the-7-elements-of-a-successful-security-awareness-program.html

• “Why you shouldn't train employees for security awareness?” | URL: http://www.csoonline.com/article/2131941/security-awareness/why-you-shouldn-t-train-employees-for-security-awareness.html

• “Ten commandments for effective security training” | URL: http://www.csoonline.com/article/2131688/security-awareness/ten-commandments-for-effective-security-training.html

Page 12: Cyber Security Awareness


Questions?

Many thanks!

Ramiro Cid

CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

[email protected]

@ramirocid

http://www.linkedin.com/in/ramirocid

http://ramirocid.com http://es.slideshare.net/ramirocid

http://www.youtube.com/user/cidramiro