information security (un)awareness by marc vael

Marc Vael CONFENIS

ISACA September 2012

Information Security (Un)Awareness

Marc Vael International Vice-President

Information Security

(un)awareness

“My management

just does not “get”

information

security!” Anonymous CISO of a large financial institution

Marc Vael CONFENIS

“I am overwhelmed with

all the passwords I have

to remember. I just write

them down & leave them

with my executive

assistant.” Anonymous manager working in an insurance company

“Management has

authorized acquisition of

security monitoring tools,

but they did not give me

any budget for people to

do this monitoring.” Anonymous CISO of a multinational service organisation

Marc Vael CONFENIS

“Sure, I support

information security,

but my people need to

work and make money.”

Anonymous CEO of a retailer

“Our information security

department keeps getting

more tools, but I do not

think we are any more

secure.” Anonymous CRO of a large financial institution

Marc Vael CONFENIS

“Security policy is one

thing. Reality is another.”

Anonymous COO from a consulting company

“All that information security people do is

say “No!”.

They should learn how

we really work.

Angry manager of a governmental agency

Marc Vael CONFENIS

Cyberwarfare is

"the fifth domain of

warfare“

Marc Vael CONFENIS

Impact of an attack on the business

Marc Vael CONFENIS

People are the weakest link.

You can have the best technology, firewalls, intrusion-detection systems,

biometric devices - and somebody can call an unsuspecting employee.

That's all she wrote, baby. They got everything.

Kevin Mitnick, ex hacker, IT security consultant.

Marc Vael CONFENIS

Business Model for Information Security

Marc Vael CONFENIS

Managing risks appropriately

Marc Vael CONFENIS

Risk always exists! (whether or not it is

detected / recognised by the organisation).

Marc Vael CONFENIS

EDUCATION!

Marc Vael CONFENIS

Corporate governance : ERM = COSO

Support from Board of Directors & Executive Management

Marc Vael CONFENIS

Policies & Standards

Project Management

Marc Vael CONFENIS

Providing proper funding

Providing proper resources

Marc Vael CONFENIS

Measuring performance

Review / Audit

Marc Vael CONFENIS

Your security solution

is as strong …

… as its weakest link

Marc Vael CONFENIS

www.isaca.org/knowledgecenter

Marc Vael CONFENIS

www.isaca.org/cobit

Marc Vael

International Vice-President

Chairman of the Knowledge Board

http://www.isaca.org/

For more information…

marc@vael.net

http://www.linkedin.com/in/marcvael

@marcvael

information security (un)awareness by marc vael

information security

supportinformation security

security consultant

getinformation security

anonymous ciso

businessmarc vaelconfenisisaca

anonymous manager

anonymous cro

Technology

programa marc municipals 2019 - esquerra.catprograma marc...

defence r&d canada r et d pour la défense canada...

project: marc by marc jacobs diffusion line

marc b i marc p

friendship circleataxia awareness day october ... dwarfism...

marc by marc jacobs field project

department of education and training - vael final report...

marc vael chief security officer kpmg brussels june 2 nd...

el camino -...

franz marc - goethe-institut · abbildungsverzeichnis...

piano-sheets.ru - marc anthony - marc anthony (songbook)

marché du chocolat ! jeanpaul hevim 5—7jb …...marché...

supporting a balanced literacy … awareness, onset and rime...

module 1: self-awareness - marc

the impact of technology on innovative auditing · pdf...

marc by marc jacobs

visual awareness in shared workspaces presentation by marc...

leo vael - wase uitvaartplanner · 2020. 12. 30. · eddy...

quad rugby - marc mesas i marc coto

nyfw - marc by marc jacobs