-----

www.sacfis.co.za
Information Security Awareness Raising Campaign for Financial Institutions

A proposal to carry out Information Security awareness raising campaign.

Building the Human Firewall
Information and information systems are vital to running business especially when it is critical like financial institution. From creating new products to fulfilling customer orders it requires up-to-date, accurate and reliable information to enable the business to operate effectively. Organisations have invested in information security technologies such as antivirus software and firewalls to protect key information assets. However, losses are incurred and significant information security risks pause threats as a result of the accidental or deliberate actions and inactions of employees. As cited in audit reports, periodicals, and conference presentations, it is generally understood by the IT security professional community that people are one of the weakest links in attempts to secure systems and networks. The people factor - not technology - is key to providing an adequate and appropriate level of security. If people are the key, but are also a weak link, more and better attention must be paid to this asset. A robust and enterprise wide awareness and training program is paramount to ensuring that people understand their IT security responsibilities, organizational policies, and how to properly use and protect the IT resources entrusted to them. Implementing a successful Security Awareness Program is an essential step in enhancing security within any organization. The mindset and behavior of employees is the crux of the issue in order to operate at an acceptable level of awareness the organizations employees must have certain basic knowledge to behave securely. Perhaps one of the most complex and powerful components of an information system, people, are also one of the most vulnerable. If employees are properly informed, trained, and educated on how to detect and respond to potential security incidents, they will become well-trained watchdogs continually looking out for the safety of the organization. The safety net created by information security awareness is described as a Human firewall. A cultural change must occur within an organization, starting with the CEO and continue down the line to each and every employee in order to create a culture of security.
Communication Campaign to raise information security awareness at financial institution

-----

The Centre for Information Security helps organizations to initiate, plan and implement various awareness initiatives on information/cyber security issues.

Challenges of information/IT/cyber security at work place

Delivering a consistent message about the importance of information security Convincing users to develop and maintain safer computer usage habits Motivating users to take a personal interest in information security Giving end user security awareness a higher priority within organizations Developing materials that deliver a clear message about security topics

An information security awareness program is necessary to address a recognized control issue. Although the security risks caused by people can not be totally eliminated, increasing awareness of information security will spread knowledge and thus increase understanding of information security concepts and objectives. Widespread understanding will increase the extent of support and commitment from employees to the rules and motivate them to improve security improvements will both increase compliance and reduce risk, making security breaches less likely and/or less costly, in other words real bottom-line business benefits.

Communication Campaign to raise information security awareness at financial institution

-----

What we propose to do

We propose an innovative communications program designed to raise awareness of information security concepts, requirements and controls amongst staff, managers and technologists within your organisation. By informing your people about information security and motivating them to comply the controls, we will establish a widespread, lasting and deep-rooted security culture that will reduce the organizations security risk and net costs.

Compared to further investment in security technology, the proposed security awareness program is a highly cost-effective means of improving information security controls and, in fact, will derive more value from previous security investments. Why, What, How of our proposed security awareness campaign. Why implement a security awareness communication campaign? Communicate corporate policy to the employees or user community and encourage compliance Mitigate the Security versus Usability equation Defend against social engineering threat components User awareness enhances the overall security profile

What do we want to accomplish by making users aware of security? Encourage safe usage habits and discourage unsafe behavior Change user perceptions of information security Inform users about how to recognize and react to potential threats Educate users about information security techniques they can use

How do we get the desired results? Build interest Educate Communicate Repeat

Retain

Communication Campaign to raise information security awareness at financial institution

-----

Areas we address and tools we use for implementation in the communication campaign.
Security Areas We Cover Fraud Hoaxes ID Theft Netiquette Privacy Scams Security Spam Smishing Viruses and Infectors Application and website security Information protection Spyware Online shopping Malware Phishing Pharming Passwords Secure local networks (Wi-Fi) Personal and Banking Data Protection Safe social networking Undesirable Websites Undesirable Mail Blocking Undesirable Materials Parental Monitoring the Dependence of Card scams Instant Messaging Data Theft Insider threats Third parties Online banking users Office security Business continuity Trade secret leaking

Tools we will use Publications o Posters o Flyers o Brochures o Bookmarks o Desktop brochure o Guide books o Handout o Newsletter Awareness day/week/month Games/Quiz Videos Radio clips Online medium o Intranet o Email o Adbanner o Web portal o Screen saver

Communication Campaign to raise information security awareness at financial institution

-----

We follow clear process to plan and implement this project

1. Planning Ownership Funding Roles 2. Development Campaign Materials Awareness Content Delivery Methods 3. Deployment Pilot Deployment Message Refinement Final Deployment . Assessment Pre-assessment Pilot Assessment Questionnaires 5. Response Policy Communication Refinement 6. Maintenance Business Changes Technology Changes Threat Changes

PLAN
MA IN TA I N

P LO VE DE

N PO ES R

D EP LO Y

Centre for Information Security follows a clear process to plan, implement and evaluate the awareness campaign project.

Communication Campaign to raise information security awareness at financial institution

ASSES S

----

Our commitment
We are Botswana based information security consulting and research company 50% owned by citizen. The mother company is South African Centre for Information Security is Based in Johannesburg South Africa.

We do develop strategic and coherent methods of transmission of information pertaining to cyber security to targeted audience in order to carry out a successful awareness campaign. We do develop a rigorous communication plan which incorporates both creativity and repetition for maximum impact. Means and tools we deploy have specific goals to reach the targeted individuals at strategic moments through diversified means. We will deploy high level expert in information security, advertising, marketing and communication to the project for optimum mix of skills and results.
The logical sequence of events as shown in diagrammatically above makes the point that raising security awareness is not an end in itself but an important a step on the way to the ultimate objective, cost reduction.

What you can do to start of your project

1. Contact us.
a. b. c. d. Call Neo and arrange meeting: 393 5758 Contact the project manager beza@sacfis.co.za Call the project manager 72 154528 for technical queries Visit us at Plot No. 717, Etseseng Close, Extension 2, Main Mall, Gaborone e. Ask us to come to your office

2. Request clarification or request for live presentation (20 min) about the project and ask the project team questions. 3. Recommend us to decision makers to start of the project. a. The Future is Now, and Security Measure Starts Now Because You are Under Attack Now.

Communication Campaign to raise information security awareness at financial institution