Infotex Awareness Training Tools. m.infotex.com/tools Information Security Tools
- Slide 1
- infotex Awareness Training Tools
- Slide 2
- m.infotex.com/tools Information Security Tools
- Slide 3
- infotex Social Media Slides
- Slide 4
- Quick Instructions: Use this presentation as you wish, and
consider inserting it into your normal awareness training. Know
that infotex can help you design an Awareness Training Program that
mitigates a substantial amount of risk in your Information Security
Program.
- Slide 5
- Quick Instructions: Be sure to compare this to your own
Acceptable Use Policy. Some of the slides represent selections that
can go both ways. For example, some banks allow users to access
social media sites, some don't.
- Slide 6
- Quick Instructions: The subjects of the slides can also be used
in your periodic reminders that you should be sending on a
scheduled basis (most banks are monthly). Consider using the
subject material as posts in your own Social Media sites.
- Slide 7
- Copyright Issues: We're offering these slides for your own
creative use. You do not need to credit us, but we always appreciate
it when you do.
- Slide 8
- One Last Note: Find more horror stories on privacyrights.org or
m.infotex.com/horror
- Slide 9
- And now... THE SLIDES!
- Slide 10
- Insert a humorous picture of you surfing at home. (or just a
title page.)
- Slide 11
- Insert a humorous picture of you surfing in public. (or just a
title page.)
- Slide 12
- Social Media: And the risks of social networking.
- Slide 13
- Social Networking Sites: Facebook, LinkedIn, Myspace, Twitter,
YouTube, etc.
- Slide 14
- Social Media Risks: The AUP prohibits access to Social Media
sites using bank assets. You should not be checking in on Facebook,
LinkedIn, etc. from assets owned by the bank.
- Slide 15
- Social Networking Sites: Employees must exercise good judgment
in the use of social media sites. Unless a good business
reason exists, employees should refrain from putting any company
information on their own networking sites. And be VERY careful what
you post.
- Slide 16
- Safe Social Networking: Joan keeps in touch with a wide variety
of friends on Facebook, many of them bank customers. Occasionally a
friend will post on Joan's wall, asking her about the loan rates on
mortgage loans.
- Slide 17
- Safe Social Networking: Joan always says she can't discuss bank
business on Facebook, and encourages them to come into the bank.
She then notifies Mark Etting, who finds a way to meet Joan's
friends.
- Slide 18
- Abuse of AUP: Joe was asked about loan pricing once. He replied
that his bank always has the best prices, and to give his name when
they go talk to Joan Department. She has a crush on Joe and will
sharpen her pencil for you. And stay away from that Mark Etting
jerk.
- Slide 19
- Safe Social Networking: Joe participates in a LinkedIn group
about information security policy, and has posted questions about
social networking policy and how to monitor social networking
sites. He has been careful not to mention any employee names or
frustrations he has with the problem.
- Slide 20
- Abuse of AUP: Joan was really upset by a customer who came into
the bank at 4:55 p.m. and made her stay to fill out a loan
application. On her Myspace page, she put "my pet peeve is customers
who come into the bank right before we close."
- Slide 21
- Social Networking Sites: Posting information about bank
customers is prohibited without prior authorization from the
Information Security Officer (Name Here).
- Slide 22
- Safe Social Networking: Joan took a lot of pictures at the
recent Customer Appreciation Event. She asked her Information
Security Officer for permission to post them on the bank's Facebook
page.
- Slide 23
- Abuse of AUP: Perci had to handle yet another difficult customer
today. Since it's against policy to access Facebook from her
workstation, she gets out her new iPhone, and tweets "That Rusty
Garajki is a BIG JERK."
- Slide 24
- Social Networking Guidelines: Anything about the bank that is
not information found in a typical resume should be handled very
carefully. Employees must
recognize, prior to putting any bank information on a website, that
this information will be available indefinitely and could injure
the bank's reputation.
- Slide 25
- Safe Social Networking: Perci is a strong believer in
maintaining a strong network of business associates and has found
LinkedIn to be a helpful tool in this endeavor. She lists herself
as Personnel Director at the bank, but does not include bank e-mail
addresses or phone numbers in her profile.
- Slide 26
- Safe Social Networking: Mark's making good money at the bank but
is always open to potential opportunities. He has a detailed resume
on Monster.com, as well as one on craigslist.com. His resume is
only available to qualified job offerings.
- Slide 27
- Abuse of AUP: On Mark's Myspace page he has the following post:
"I'm getting out of this place. It's no secret we're going broke. Watch
me get fired for writing that. It's PUBLIC INFORMATION idiots!"
- Slide 28
- Social Networking Guidelines: As such, any postings which do not
exude good professional judgment may be grounds for disciplinary
action and employees may be asked to remove information from
websites whenever possible. As an employee of the bank, you agree
that what you post on the Internet is similar to what you would say
in a public meeting, and thus...
- Slide 29
- And thus... You agree that you may be held accountable for the
content of your postings.
- Slide 30
- Meanwhile, while at home...
- Slide 31
- Especially on social media sites, understand what you're getting
into before you actually get into it! Read Privacy Statements.
- Slide 32
- And review them regularly. Review Privacy Settings.
- Slide 34
- Facebook Data Classifications: Everyone: Anybody can see it, they
don't have to be your friends first.
- Slide 35
- Facebook Data Classifications: Everyone: Anybody can see it, they
don't have to be your friends first. Friends of Friends: Still
public because of 7 degrees of separation phenomenon.
- Slide 36
- Facebook Data Classifications: Everyone: Anybody can see it, they
don't have to be your friends first. Friends of Friends: Public
Information. Friends Only: Because of indiscriminate friending, this
can still be dangerous.
- Slide 37
- Facebook Data Classifications: Everyone: Anybody can see it, they
don't have to be your friends first. Friends of Friends: Public
Information. Friends Only: Still dangerous. Other: Whitelisting
approach: you get to choose who sees your posts.
- Slide 38
- Data Classification at Bank: Other: Whitelisted posts are about
the only posts that we would consider to be confidential. Thus,
anything about the bank will be governed by the Acceptable Use
Policy. It's best to just assume that anything about the bank is
governed by the AUP.
- Slide 47
- Beware orchestrated attacks... We have made guidelines for safe
social networking available because there are a lot of personal
vulnerabilities in your use of these sites. If you DO have any
questions about this, feel free to talk to the ISO or your
supervisor individually.
- Slide 48
- ?
- Slide 49
- Are you ready for a horror story?
- Slide 53
- ?
- Slide 54
- infotex, inc. 2011