Cyber Security Awareness: Ramiro Cid - @ramirocid
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Introduction to Cyber Security
Cybersecurity, also known as “IT security” or “Computer security”, is information security applied to
computing devices such as servers, computers and mobile devices (such as smartphones and tablets),
as well as computer networks such as private and public networks, including the whole Internet.
Network outages, data compromised by hackers, social attacks, computer viruses and other security
incidents could affect our lives in ways that range from inconvenient to life-threatening. As the
number of mobile users and devices, web applications and data networks increases, so do the
opportunities for exploitation.
The field covers all the processes and mechanisms by which digital equipment, information and
services are protected from unintended or unauthorized access, change or destruction, and is of
growing importance in line with the increasing reliance on computer systems of most societies
worldwide.
Governments, military, private corporations, financial institutions, hospitals and other businesses
collect, process and store a great deal of confidential information on computers and transmit that
data across their networks (and also across the networks of external suppliers and customers) to
other computers.
With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect
sensitive business and personal information, as well as
• Common sense (the least common of the senses) is something we have to use (in addition to IT
security best practices, of course), but people do not always use it properly.
• Different countermeasures apply depending on the asset to be protected and the
vulnerabilities that could affect it. Depending on the case, you must use one or another.
• Companies that want proper IT security awareness need to develop a plan to roll out
awareness training.
• People are often the weak link in the IT security chain. The best technical security efforts will fail if
the company has a weak security culture.
There are different ways to achieve it; here I will explain one way to do it:
1. C-Level support
Awareness programs that obtain C-level support are more successful. Top management has to
support this process. This support inevitably leads to more freedom, larger budgets and
support from other departments.
Successful awareness programs found a way to involve other departments, such as legal,
compliance, human resources, marketing, privacy and physical security.
3. Creativity
Creativity is a must. While a large budget helps, companies with a small security awareness budget
have still been able to establish successful programs. Creativity and enthusiasm can make up for a
small budget.
4. Metrics
5. Department of how
Awareness efforts that focus on how to accomplish actions are more successful than those that
focus on telling people that they should not be doing things.
6. 90-day plans
Most security awareness programs follow a one-year plan. Those plans also attempt to cover one
topic a month. This is ineffective, as it does not reinforce knowledge, and does not allow for
feedback or to account for ongoing events.
The most successful programs are not only creative; they rely on many forms of awareness
materials. While there is a potential place for learning management system training modules, too
many programs rely on them completely as an awareness program.
Many thanks!
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
ramiro@ramirocid.com http://www.linkedin.com/in/ramirocid
http://ramirocid.com http://es.slideshare.net/ramirocid
@ramirocid http://www.youtube.com/user/cidramiro