> The Human
dimension
human aspect of information security
Guess you’ll all agree
  with me that…
bad information security
         means


bad company security


     lost credibility
we must be sure that
   we protect our data, our
commercial secrets, our assets
and our business transactions
YOU DO EVERYTHING TO
 MAKE THIS HAPPEN
      FOR SURE
but…




  EMPLOYEES WORK WITH COMPANY DATA,
COMPANY SYSTEMS, THEY ARE IN TOUCH WITH
    CLIENTS, SERVICES AND PRODUCTS.

  THEY NEED TO UNDERSTAND THE BASIC
  PRINCIPLES OF INFORMATION SECURITY.
Fact:
HUMAN ERROR IS THE
CAUSE OF 42% OF ALL
SECURITY BREACHES

ISC2 White Paper: Securing the Organizations: Creating A
Partnership Between HR and Information Security
Information security is one of
           the biggest challenges a business faces today.



55% of companies used over 7 different vendors to keep their network secure.

50% of respondents think that their employees had little or even no awareness of data protection issues or corporate security policy.

Ref: Checkpoint Technologies & The Ponemon Institute Survey 2011 >>
2,400 IT security staff across the world
When does “an employee”
become a RISK?
Do you know what these are?


         123456

         Password

          iloveu
I mean…
The gap between you
guys
And your average
employee
is

HUGE
Fact:

We don’t know
As much as you do
Paper, pen, letter
typewriter
computer
internet, e-mail
Web 2.0, social media
Virtual communities
People move…
Both in real and virtual world…
And they create risk!
With or without knowing it
A picture…
87,5% of large businesses have a security policy in place.

67% of the companies that give a high priority to security also had a security policy.

A big majority of companies take steps to raise awareness among employees.

More than 50% allow staff to access their systems remotely.

The proportion of businesses restricting internet access dropped by 50%.

Now only fewer than 10% gave no access to the internet.

Employees are increasingly being targeted by "social engineering" attacks.

Businesses are becoming more concerned about what was being said about them on
social networking sites.

More than 80% of large companies blocked access to inappropriate websites.

86% logged and monitored staff access to the internet.

Research by PWC UK, 2010
more exposure,
more action,
more knowhow sharing,
more interaction

The Return is big but
the Risk is big too
your employees
can fast become
the weakest link
in your information
security
changing employee behaviour
is the key
to improving information security.
The big how
Offer them a clear framework

  EMAIL SECURITY
  INTERNET SECURITY
  DATA SECURITY
  ASSETS SECURITY
Do you have policies?

Why?
Customize the access
according to the skills and
needs of the employees

customize the risk

But standardize your
policies
The worst way to
communicate a policy is
Publishing it
Educate, educate, educate:

have your employees build
the “awareness” muscle

Give people good habits
Communicate your
best practices
Create an awareness
culture:
let it be a dialogue
Make it formal:
it is serious
Make it simple,

make it fun,

make it participative
Make it a
management issue
Be fully proactive
Tell them
Personal = professional
Prohibiting
Limiting
Banning
is not your key to success

trust
answer

 WIIFM?
HR & IT partnership*

Does HR talk about these?

I am afraid not…

Legal base remains unclear too…
You have to be security
and policy mentor

Your employees have to be
security and policy literate

Your company has to be
security and policy fluent
get connected
 E-mail:
 pinar.akkaya.pa@gmail.com

 LinkedIn:
 http://tr.linkedin.com/in/pinarakkaya

 Twitter: http://twitter.com/PINARAKKAYA
 http://twitter.com/lifesocialmedia


 http://tr.linkedin.com/groups/hrleadersturkey

PINAR AKKAYA - The Human Dimension
