Security Awareness Communication Calendar - SANS · Information Security Awareness Communication...

Information Security Awareness Communication Calendar (ISACC) Rhonda Kelly, Oshkosh Corporation August 19, 2015

Page 1

Information Security Awareness Communication Calendar (ISACC)

Rhonda Kelly, Oshkosh Corporation

August 19, 2015

Page 2

Agenda

• Oshkosh Corporation Overview
• OSK SEA Program
• Why the need to organize
• Development of a Roadmap
• ISACC in Depth
• Value of ISACC

Page 3

Oshkosh Is Not

Page 4

Security Education and Awareness (SEA)

• OSK implemented program 2014
• Newly created position
• Currently functioning with 2 FTE
• Marketing/Communication
• Direct report to the CISO

Page 5

Security Education & Awareness Charter

• Program Charter
• One Year Plan
• 2 – 3 Year Plan
• 5 Year Plan
• Progressive program with a changing cyber world
• STAY FLEXIBLE

Page 6

Our Program Goals

• Organization/cultural change
• Consistent communication
• Global adoption
• Shifting resource allocations
• Increasing motivation

Page 7

Does anyone feel like this with company communications?

Page 8

• Program Communications
• Monthly Reports
• Department Relationships
• Program Recognition
• Invites to All Employee Meetings
• Focus Groups
• Steering Committee
• Awareness Events
• Weekly, Monthly and Quarterly Communications

Security Education and Awareness (SEA)

• Program Accomplishments
• Create
• Educate
• Initiate
• Manage
• Maintain

• Service Desk Efficiencies
• Automation of reporting suspicious emails
• JIT training with reporting
• Brand Awareness
• Culture change

• New Hire Orientation
• Annual Training
• Role-Based Training
• Focus Groups
• Security Awareness Month

• Internet Sites
• Phish Bowl Site
• Training Videos
• Instructional Videos
• Educational Video Series
• Security Policy Guideline
• Brand Awareness

Page 9

How did we accomplish all that?

What product am I selling – SEA program to employees

What is the price to employees (Time)

Where are we going to market the communications

How are we going to Promo (quick read/often/variety)

Security Education & Awareness

Page 10

Market Communications

Page 11

Page 12

ISACC Roadmap Annual View

Page 13

Week 1

Page 14

Week 2

Page 15

Week 3

Page 16

Week 4

Page 17

Roadmap Quarter View

Page 18

Another way to Conceptualize

Page 19

ISACC is an Adaptive Tool for

• Marketing
• Personal organization
• Risk mitigation
• Goal setting
• Executive & Board approval
• Audit and compliance

Page 20

Key Factors when applying ISACC

• Size of your organization
• Executive support
• Program visibility
• Current staff
• Internal partnerships
• Flexibility
• Communications

Page 21

Page 22

Interactive Session