Saahil Goel: Information Security Awareness Amongst Top Management
Saahil Goel | Critical IS Management Issue
Not enough awareness about information security
Communication gap between security professionals and management
Management views security as a sunk cost
Information may not be available in an understandable form
Management takes a reactive rather than proactive approach to IS Security

IS Security can save organization from:
- Loss of customer trust
- Bankruptcy
- Lawsuits
- Loss of competitive advantage
- Breach of sensitive data

IS Security can help organization:
- Improve processes
- Increase efficiency
- Reduce costs
- Improve employee/customer satisfaction
- Generate additional revenue

Top Management Buy In
- Understand cost savings
- Develop material which management can understand
- Develop tools for measurement of IS Security spend and return

Employee Training
- Internal threat: most dangerous (intentional & unintentional)
- Mandatory internal training and certification
- Create culture where IS Security is part of the DNA of organization
- IS Security knowledge to be made mandatory for all departments in an organization
- Make employees understand their position in the IS Security strategy of a company

Stringent Security Policies
- Tools are available
- Enforcement needs to be beefed up

Intrusion Detection Systems and Auditing
- IDS: specific documentation of steps, roles and responsibilities in case of a breach
- Auditing
  - Specific reports to be generated – failed logins, distinct logins from single machine, etc.
  - Increase productivity and identify trouble-makers
  - Check how well awareness has spread
  - Measure security breach readiness within a company
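
The two audit reports named above (failed logins, distinct logins from a single machine) can be produced from login records as in the following added example, which is not part of the original slides. The log format, host and user names, and the thresholds are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample audit records, one per line: "timestamp host user result".
SAMPLE_LOG = """\
2024-05-01T09:00:01 ws-014 alice SUCCESS
2024-05-01T09:00:40 ws-014 bob FAILURE
2024-05-01T09:00:55 ws-014 bob FAILURE
2024-05-01T09:01:10 ws-014 carol SUCCESS
2024-05-01T09:02:00 ws-022 dave SUCCESS
2024-05-01T09:03:12 ws-014 bob FAILURE
2024-05-01T09:04:00 ws-014 erin FAILURE
this line is malformed
2024-05-01T09:05:30 ws-022 dave SUCCESS
"""

def parse(log_text):
    """Return (records, skipped). Malformed lines are counted, never silently lost."""
    records, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("SUCCESS", "FAILURE"):
            skipped += 1
            continue
        records.append(dict(zip(("ts", "host", "user", "result"), parts)))
    return records, skipped

def failed_login_report(records, threshold=3):
    """Accounts with at least `threshold` failed logins (threshold is an assumption)."""
    fails = Counter(r["user"] for r in records if r["result"] == "FAILURE")
    return {user: n for user, n in fails.items() if n >= threshold}

def distinct_logins_report(records, threshold=3):
    """Machines where at least `threshold` distinct accounts attempted a login.
    Counting failed attempts as well as successes is an assumption of this example."""
    users_by_host = defaultdict(set)
    for r in records:
        users_by_host[r["host"]].add(r["user"])
    return {h: sorted(u) for h, u in users_by_host.items() if len(u) >= threshold}

if __name__ == "__main__":
    recs, skipped = parse(SAMPLE_LOG)
    print("unparsed lines:", skipped)
    print("failed logins:", failed_login_report(recs))
    print("distinct logins per machine:", distinct_logins_report(recs))
```

The count of unparsed lines is reported alongside the results because an audit report that quietly drops records understates what happened.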