SlideShare a Scribd company logo

PINAR AKKAYA - The Human Dimension

Pinar AKKAYA
Pinar AKKAYA

Human Aspect of Information Security > Presentation done on 12 October, 2011 E-Crime Event, Istanbul

Technology
1 of 37
Download to read offline
> The Human dimension human aspect of information security
Guess You’ll all agree with me that….
bad information security means bad company security lost credibility
we must be sure that we protect our data, our commercial secrets, our assets and our business transactions
YOU DO EVERYTHING TO MAKE THIS HAPPEN FOR SURE
but… EMPLOYEES WORK WITH COMPANY DATA, COMPANY SYSTEMS, THEY ARE IN TOUCH WITH CLIENTS, SERVICES AND PRODUCTS. THEY NEED TO UNDERSTAND THE BASIC PRINCIPLES OF INFORMATION SECURITY.
Fact: HUMAN ERROR IS THE CAUSE OF 42% OF ALL SECURITY BREACHES ISC2 White Paper : Securing the Organizations: Creating A Partnership Between HR and Information Security
Information security is one of the biggest challenges a business faces today. 55% of 50% of companies used respondents think that their employees had over 7 different little or even no vendors to keep awareness of data their network protection issues or secure. corporate security policy. Ref: Checkpoint Technologies&The Ponemon Institute Survey 2011 >> 2,400 IT security staff across the world
When does “an employee” becomes a RISK?
Do you know what these are? 123456 Password iloveu
I mean… The gap between you guys And your average employee is HUGE
Fact: We don’t know As much as you do
Paper, pen, letter typewriter computer internet, e-mail Web 2.0, social media Virtual communities
People move… Both in real and virtual world… And they create risk! With or without knowing it
A picture… 87,5% of large businesses have a security policy in place. 67% of the companies that give a high priority to security also had a security policy. A big majority of companies take steps to raise awareness among employees. More than 50% allow staff to access their systems remotely. The proportion of businesses restricting internet access dropped by 50%. Now only fewer than 10% gave no access to the internet. Employees are increasingly being targeted by "social engineering" attacks. Businesses are becoming more concerned about what was being said about them on social networking sites. More than 80% of large companies blocked access to inappropriate websites. 86% logged and monitored staff access to the internet. Research by PWC UK , 2010
more exposure, more action, more knowhow sharing, more interaction The Return is big but the Risk is big too
your employees can fast become the weakest link in your information security
changing employee behaviour is the key to improving information security.
The big how
Offer them a clear framework EMAIL SECURITY INTERNET SECURITY DATA SECURITY ASSETS SECURITY
Do you have policies? Why?
Customize the access according to the skills and needs of the employees customize the risk But standardize your policies
The worst way to communicate a policy is Publishing it
Educate, educate, educate: have your employees build the “awareness” muscle Give people good habits
Communicate your best practices
Create an awareness culture: let it be a dialogue
Make it formal: it is serious
Make it simple, make it fun, make it participative
Make it a management issue
Be fully proactive
Tell them Personal = professional
Prohibiting Limiting Banning is not your key to success trust
answer WIIFM?
Hr & it partnership* Does hr talk about these? I am afraid not… Legal base remains unclear too…
You have to be security and policy mentor Your employees have to be security and policy literate Your company has to be security and policy fluent
get connected E-mail: pinar.akkaya.pa@gmail.com LinkedIn: http://tr.linkedin.com/in/pinarakkaya Twitter: http://twitter.com/PINARAKKAYA http://twitter.com/lifesocialmedia http://tr.linkedin.com/groups/hrleadersturkey

Recommended

Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employeesPriscila Bernardes
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awarenessCOMSATS
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first stepHewlett Packard Enterprise Business Value Exchange
 
Compliance With Data Security Policies
Compliance With Data Security PoliciesCompliance With Data Security Policies
Compliance With Data Security PoliciesHongyang Wang
 
What's Yours Is Mine
What's Yours Is MineWhat's Yours Is Mine
What's Yours Is MineSymantec
 
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia..."Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...Blend Interactive
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 

Recommended

Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employeesPriscila Bernardes
 
Think like a hacker for better security awareness
Think like a hacker for better security awarenessThink like a hacker for better security awareness
Think like a hacker for better security awarenessCOMSATS
 
Awareness is only the first step
Awareness is only the first stepAwareness is only the first step
Awareness is only the first stepHewlett Packard Enterprise Business Value Exchange
 
Compliance With Data Security Policies
Compliance With Data Security PoliciesCompliance With Data Security Policies
Compliance With Data Security PoliciesHongyang Wang
 
What's Yours Is Mine
What's Yours Is MineWhat's Yours Is Mine
What's Yours Is MineSymantec
 
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia..."Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...
"Overcoming the Fear: What C-Level Execs are Afraid of When it Comes to Socia...Blend Interactive
 
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats BetterCloud Whitepaper: Offboarding Inefficiencies and Security Threats
BetterCloud Whitepaper: Offboarding Inefficiencies and Security ThreatsBetterCloud
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 
1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of Collaboration1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of CollaborationAlan Hamilton
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Allow is the New Block
Allow is the New BlockAllow is the New Block
Allow is the New BlockSean Dickson
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman.ergo GmbH
 
Cybersecurity Actions for CEOs
Cybersecurity Actions for CEOsCybersecurity Actions for CEOs
Cybersecurity Actions for CEOsPECB
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
True Drivers of MDM webinar
True Drivers of MDM webinarTrue Drivers of MDM webinar
True Drivers of MDM webinarKalido
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
Nexus It Group Resume Writing
Nexus It Group Resume WritingNexus It Group Resume Writing
Nexus It Group Resume Writingtlinde
 
What people Analytics can't capture
What people Analytics can't capture What people Analytics can't capture
What people Analytics can't capture FaisalAhmed312
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalNicholas Cramer
 
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...Jason Hong
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Scott Maurice
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects SecuritySebastien Goiffon
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersThe Lorenzi Group
 
Three tools to reduce employee apathy
Three tools to reduce employee apathyThree tools to reduce employee apathy
Three tools to reduce employee apathyStephen P. Abbey
 
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...Accenture Insurance
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook SecurityRogers Communications
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docxaryan532920
 

More Related Content

What's hot

1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of Collaboration1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of CollaborationAlan Hamilton
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Allow is the New Block
Allow is the New BlockAllow is the New Block
Allow is the New BlockSean Dickson
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman.ergo GmbH
 
Cybersecurity Actions for CEOs
Cybersecurity Actions for CEOsCybersecurity Actions for CEOs
Cybersecurity Actions for CEOsPECB
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
True Drivers of MDM webinar
True Drivers of MDM webinarTrue Drivers of MDM webinar
True Drivers of MDM webinarKalido
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption publicJohn Mathon
 
Nexus It Group Resume Writing
Nexus It Group Resume WritingNexus It Group Resume Writing
Nexus It Group Resume Writingtlinde
 
What people Analytics can't capture
What people Analytics can't capture What people Analytics can't capture
What people Analytics can't capture FaisalAhmed312
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalNicholas Cramer
 
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...Jason Hong
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Scott Maurice
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...GFI Software
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersThe Lorenzi Group
 

What's hot (18)

1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of Collaboration1. Augmenting Work with AI and Driving Adoption of Collaboration
1. Augmenting Work with AI and Driving Adoption of Collaboration
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Allow is the New Block
Allow is the New BlockAllow is the New Block
Allow is the New Block
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012
 
Cybersecurity Actions for CEOs
Cybersecurity Actions for CEOsCybersecurity Actions for CEOs
Cybersecurity Actions for CEOs
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
True Drivers of MDM webinar
True Drivers of MDM webinarTrue Drivers of MDM webinar
True Drivers of MDM webinar
 
Cloud security and cloud adoption public
Cloud security and cloud adoption publicCloud security and cloud adoption public
Cloud security and cloud adoption public
 
Nexus It Group Resume Writing
Nexus It Group Resume WritingNexus It Group Resume Writing
Nexus It Group Resume Writing
 
What people Analytics can't capture
What people Analytics can't capture What people Analytics can't capture
What people Analytics can't capture
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equal
 
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
Leveraging Human Factors for Effective Security Training, for ISSA Webinar Ma...
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity Get Employees Invested In CyberSecurity
Get Employees Invested In CyberSecurity
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Security
 
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
When Less is More: Why Small Companies Should Think Outside the(Red/Yellow) B...
 
Security Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud ExaminersSecurity Analytics for Certified Fraud Examiners
Security Analytics for Certified Fraud Examiners
 

Similar to PINAR AKKAYA - The Human Dimension

Three tools to reduce employee apathy
Three tools to reduce employee apathyThree tools to reduce employee apathy
Three tools to reduce employee apathyStephen P. Abbey
 
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...Accenture Insurance
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docxaryan532920
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNAaccenture
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNAaccenture
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.jayceewong1
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityReading Works Detroit
 
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docxambersalomon88660
 
Edelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by PonemonEdelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by PonemonEdelman
 
Before you collaborate
Before you collaborateBefore you collaborate
Before you collaborateTodd Nilson
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of SecurityKarina Elise
 
Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015anpapathanasiou
 
Assignmnt-700 words with 3 referencesToday, there is a crisi.docx
Assignmnt-700 words with 3 referencesToday, there is a crisi.docxAssignmnt-700 words with 3 referencesToday, there is a crisi.docx
Assignmnt-700 words with 3 referencesToday, there is a crisi.docxnormanibarber20063
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network Mighty Guides, Inc.
 

Similar to PINAR AKKAYA - The Human Dimension (20)

Three tools to reduce employee apathy
Three tools to reduce employee apathyThree tools to reduce employee apathy
Three tools to reduce employee apathy
 
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
Decoding Organizational DNA: Trust, Data and Unlocking Value in the Digital W...
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx BBA 3551, Information Systems Management 1 Course Lea.docx
BBA 3551, Information Systems Management 1 Course Lea.docx
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNA
 
Decoding Organizational DNA
Decoding Organizational DNADecoding Organizational DNA
Decoding Organizational DNA
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams 5 Questions Executives Should Be Asking Their Security Teams
5 Questions Executives Should Be Asking Their Security Teams
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
 
Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.Microsoft DATA Protection To Put secure.
Microsoft DATA Protection To Put secure.
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in Cybersecurity
 
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx
 
Edelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by PonemonEdelman Privacy Risk Index Powered by Ponemon
Edelman Privacy Risk Index Powered by Ponemon
 
Before you collaborate
Before you collaborateBefore you collaborate
Before you collaborate
 
The 10 Secret Codes of Security
The 10 Secret Codes of SecurityThe 10 Secret Codes of Security
The 10 Secret Codes of Security
 
Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015
 
Assignmnt-700 words with 3 referencesToday, there is a crisi.docx
Assignmnt-700 words with 3 referencesToday, there is a crisi.docxAssignmnt-700 words with 3 referencesToday, there is a crisi.docx
Assignmnt-700 words with 3 referencesToday, there is a crisi.docx
 
Austin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber PresentationAustin Bsides March 2016 Cyber Presentation
Austin Bsides March 2016 Cyber Presentation
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network
 

More from Pinar AKKAYA

From the eyes of an expat manager
From the eyes of an expat managerFrom the eyes of an expat manager
From the eyes of an expat managerPinar AKKAYA
 
New countries new leadership Pinar Akkaya Montreal HR Congress
New countries new leadership Pinar Akkaya Montreal HR CongressNew countries new leadership Pinar Akkaya Montreal HR Congress
New countries new leadership Pinar Akkaya Montreal HR CongressPinar AKKAYA
 
Enerji Konferansı Sunum
Enerji Konferansı SunumEnerji Konferansı Sunum
Enerji Konferansı SunumPinar AKKAYA
 
Business Continuity in HR / IK Perspektifinden Is Sureklilligi
Business Continuity in HR / IK Perspektifinden Is SureklilligiBusiness Continuity in HR / IK Perspektifinden Is Sureklilligi
Business Continuity in HR / IK Perspektifinden Is SureklilligiPinar AKKAYA
 
PINAR AKKAYA - Oooops! When recruitment interviews go wrong
PINAR AKKAYA - Oooops! When recruitment interviews go wrongPINAR AKKAYA - Oooops! When recruitment interviews go wrong
PINAR AKKAYA - Oooops! When recruitment interviews go wrongPinar AKKAYA
 
PINAR AKKAYA - A Tale Of Getting Connected
PINAR AKKAYA - A Tale Of Getting ConnectedPINAR AKKAYA - A Tale Of Getting Connected
PINAR AKKAYA - A Tale Of Getting ConnectedPinar AKKAYA
 

More from Pinar AKKAYA (6)

From the eyes of an expat manager
From the eyes of an expat managerFrom the eyes of an expat manager
From the eyes of an expat manager
 
New countries new leadership Pinar Akkaya Montreal HR Congress
New countries new leadership Pinar Akkaya Montreal HR CongressNew countries new leadership Pinar Akkaya Montreal HR Congress
New countries new leadership Pinar Akkaya Montreal HR Congress
 
Enerji Konferansı Sunum
Enerji Konferansı SunumEnerji Konferansı Sunum
Enerji Konferansı Sunum
 
Business Continuity in HR / IK Perspektifinden Is Sureklilligi
Business Continuity in HR / IK Perspektifinden Is SureklilligiBusiness Continuity in HR / IK Perspektifinden Is Sureklilligi
Business Continuity in HR / IK Perspektifinden Is Sureklilligi
 
PINAR AKKAYA - Oooops! When recruitment interviews go wrong
PINAR AKKAYA - Oooops! When recruitment interviews go wrongPINAR AKKAYA - Oooops! When recruitment interviews go wrong
PINAR AKKAYA - Oooops! When recruitment interviews go wrong
 
PINAR AKKAYA - A Tale Of Getting Connected
PINAR AKKAYA - A Tale Of Getting ConnectedPINAR AKKAYA - A Tale Of Getting Connected
PINAR AKKAYA - A Tale Of Getting Connected
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

PINAR AKKAYA - The Human Dimension

  • 1. > The Human dimension human aspect of information security
  • 2. Guess You’ll all agree with me that….
  • 3. bad information security means bad company security lost credibility
  • 4. we must be sure that we protect our data, our commercial secrets, our assets and our business transactions
  • 5. YOU DO EVERYTHING TO MAKE THIS HAPPEN FOR SURE
  • 6. but… EMPLOYEES WORK WITH COMPANY DATA, COMPANY SYSTEMS, THEY ARE IN TOUCH WITH CLIENTS, SERVICES AND PRODUCTS. THEY NEED TO UNDERSTAND THE BASIC PRINCIPLES OF INFORMATION SECURITY.
  • 7. Fact: HUMAN ERROR IS THE CAUSE OF 42% OF ALL SECURITY BREACHES ISC2 White Paper : Securing the Organizations: Creating A Partnership Between HR and Information Security
  • 8. Information security is one of the biggest challenges a business faces today. 55% of 50% of companies used respondents think that their employees had over 7 different little or even no vendors to keep awareness of data their network protection issues or secure. corporate security policy. Ref: Checkpoint Technologies&The Ponemon Institute Survey 2011 >> 2,400 IT security staff across the world
  • 9.
  • 10. When does “an employee” becomes a RISK?
  • 11. Do you know what these are? 123456 Password iloveu
  • 12. I mean… The gap between you guys And your average employee is HUGE
  • 13. Fact: We don’t know As much as you do
  • 14. Paper, pen, letter typewriter computer internet, e-mail Web 2.0, social media Virtual communities
  • 15. People move… Both in real and virtual world… And they create risk! With or without knowing it
  • 16. A picture… 87,5% of large businesses have a security policy in place. 67% of the companies that give a high priority to security also had a security policy. A big majority of companies take steps to raise awareness among employees. More than 50% allow staff to access their systems remotely. The proportion of businesses restricting internet access dropped by 50%. Now only fewer than 10% gave no access to the internet. Employees are increasingly being targeted by "social engineering" attacks. Businesses are becoming more concerned about what was being said about them on social networking sites. More than 80% of large companies blocked access to inappropriate websites. 86% logged and monitored staff access to the internet. Research by PWC UK , 2010
  • 17. more exposure, more action, more knowhow sharing, more interaction The Return is big but the Risk is big too
  • 18. your employees can fast become the weakest link in your information security
  • 19. changing employee behaviour is the key to improving information security.
  • 20. The big how
  • 21. Offer them a clear framework EMAIL SECURITY INTERNET SECURITY DATA SECURITY ASSETS SECURITY
  • 22. Do you have policies? Why?
  • 23. Customize the access according to the skills and needs of the employees customize the risk But standardize your policies
  • 24. The worst way to communicate a policy is Publishing it
  • 25. Educate, educate, educate: have your employees build the “awareness” muscle Give people good habits
  • 28. Make it formal: it is serious
  • 29. Make it simple, make it fun, make it participative
  • 31. Be fully proactive
  • 32. Tell them Personal = professional
  • 35. Hr & it partnership* Does hr talk about these? I am afraid not… Legal base remains unclear too…
  • 36. You have to be security and policy mentor Your employees have to be security and policy literate Your company has to be security and policy fluent
  • 37. get connected E-mail: pinar.akkaya.pa@gmail.com LinkedIn: http://tr.linkedin.com/in/pinarakkaya Twitter: http://twitter.com/PINARAKKAYA http://twitter.com/lifesocialmedia http://tr.linkedin.com/groups/hrleadersturkey