Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
From awareness to culture:Building an effective security program
Chester WisniewskiPrincipal Research Scientist
October 2016
Who am I?
2
The problem
Which is easier to circumvent?
4
The keys to social engineering
5
I’m here to help
6
Criminal tactics
We’re good at detecting this
8
Not so good at this
9
Not so good at this
10
High definition phishing
11
Open Source Intelligence
12
Education only goes so far
13
What to do about it
The number is 3.
15
People
Creating a security culture
17
The great phish debate
18
Use the force
19
Source: Verizon Data Breach Investigation Report 2016
AlwaysClick
SuspiciousReport to IT
Process
Assess risk
21
Focus where it matters most
22
Continuous improvement
23
Tools
Continuous improvement
25
Compatible → cooperating
26
Here to help
27
https://www.sophos.com/free-tools.aspx