Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
www.sacfis.co.za
Information Security Awareness Raising Campaign for Financial Institutions
-----
The Centre for Information Security helps organizations to initiate, plan and implement various awareness initiatives on information/cyber security issues.
An information security awareness program is necessary to address a recognized control issue. Although the security risks caused by people can not be totally eliminated, increasing awareness of information security will spread knowledge and thus increase understanding of information security concepts and objectives. Widespread understanding will increase the extent of support and commitment from employees to the rules and motivate them to improve security improvements will both increase compliance and reduce risk, making security breaches less likely and/or less costly, in other words real bottom-line business benefits.
-----
What we propose to do
We propose an innovative communications program designed to raise awareness of information security concepts, requirements and controls amongst staff, managers and technologists within your organisation. By informing your people about information security and motivating them to comply the controls, we will establish a widespread, lasting and deep-rooted security culture that will reduce the organizations security risk and net costs.
Compared to further investment in security technology, the proposed security awareness program is a highly cost-effective means of improving information security controls and, in fact, will derive more value from previous security investments. Why, What, How of our proposed security awareness campaign. Why implement a security awareness communication campaign? Communicate corporate policy to the employees or user community and encourage compliance Mitigate the Security versus Usability equation Defend against social engineering threat components User awareness enhances the overall security profile
What do we want to accomplish by making users aware of security? Encourage safe usage habits and discourage unsafe behavior Change user perceptions of information security Inform users about how to recognize and react to potential threats Educate users about information security techniques they can use
How do we get the desired results? Build interest Educate Communicate Repeat
Retain
-----
Areas we address and tools we use for implementation in the communication campaign.
Security Areas We Cover Fraud Hoaxes ID Theft Netiquette Privacy Scams Security Spam Smishing Viruses and Infectors Application and website security Information protection Spyware Online shopping Malware Phishing Pharming Passwords Secure local networks (Wi-Fi) Personal and Banking Data Protection Safe social networking Undesirable Websites Undesirable Mail Blocking Undesirable Materials Parental Monitoring the Dependence of Card scams Instant Messaging Data Theft Insider threats Third parties Online banking users Office security Business continuity Trade secret leaking
Tools we will use Publications o Posters o Flyers o Brochures o Bookmarks o Desktop brochure o Guide books o Handout o Newsletter Awareness day/week/month Games/Quiz Videos Radio clips Online medium o Intranet o Email o Adbanner o Web portal o Screen saver
-----
PLAN
MA IN TA I N
P LO VE DE
N PO ES R
D EP LO Y
Centre for Information Security follows a clear process to plan, implement and evaluate the awareness campaign project.
ASSES S
----
Our commitment
We are Botswana based information security consulting and research company 50% owned by citizen. The mother company is South African Centre for Information Security is Based in Johannesburg South Africa.
We do develop strategic and coherent methods of transmission of information pertaining to cyber security to targeted audience in order to carry out a successful awareness campaign. We do develop a rigorous communication plan which incorporates both creativity and repetition for maximum impact. Means and tools we deploy have specific goals to reach the targeted individuals at strategic moments through diversified means. We will deploy high level expert in information security, advertising, marketing and communication to the project for optimum mix of skills and results.
The logical sequence of events as shown in diagrammatically above makes the point that raising security awareness is not an end in itself but an important a step on the way to the ultimate objective, cost reduction.
2. Request clarification or request for live presentation (20 min) about the project and ask the project team questions. 3. Recommend us to decision makers to start of the project. a. The Future is Now, and Security Measure Starts Now Because You are Under Attack Now.