Critical Success Factors for Security Awareness Programs
The Adobe Flash plugin is needed to view this content
|
Share
|
Send
|
Flag
|
Favorite
|
Views: 51
Save as PPS or open with PowerPoint Viewer
Title:Critical Success Factors for Security Awareness Programs
Description:
Technology and Business Strategy Group of 100 of the largest ... Cullen/Frost Bankers Inc. Edward Jones. Federated Investors Inc. Fidelity Investments ...
Learn more at:http://www.btind.com/documents
Total views:52
Avg rating:3.0
Write a Comment
User Comments (0)
Transcript & Presenter Notes
Title: Critical Success Factors for Security Awareness Programs
1
Critical Success Factors for Security Awareness
Programs
- John Carlson
- Senior Director
- BITS
Business Value of Creating a Security Awareness
Program
February 7 2006 McLean Virginia
2
Agenda
- A Bit about BITS
- Forces that Drive Financial Institutions
- Critical Success Factors for Financial
Institutions - Appendix BITS/Roundtable Members
3
A Bit About BITS
- Technology and Business Strategy Group of 100 of
the largest financial institutions in the US. - CEO-created and CEO and CIO driven.
- Comprised of banks securities and insurance
companies. - Non-lobbying division of The Financial Services
Roundtable. - Focuses on emerging technologies business
strategy e-commerce fraud reduction cyber
security risk management and business
continuity issues. - Works with other critical infrastructure sectors
government organizations technology providers
third-party service providers and other industry
associations to accomplish its goals.
4
BITS Mission
- The BITS Mission is to serve the financial
services industrys needs at the interface
between commerce technology and financial
services.
5
BITS Core Initiatives for 05-06
- Security and Risk Assessment
- Software Security
- IT Service Providers and Shared Assessments
- Fraud Reduction
- Industry Coordination
- Crisis Management Coordination
- Payments Strategies
6
BITS Security and Risk Assessment Working Group
(SRA) Mission
- To strengthen the security and resiliency of
financial services by - Sharing and developing best practices to secure
infrastructures products and services - Maintaining continued public- and private-sector
confidence and - Providing industry input to government agencies
and regulators on policies and regulations.
7
SRA Working Group
- 78 financial institutions and affiliate members
- Membership
- 50 banks
- 15 securities
- 15 insurance
- 10 consumer finance
- 10 affiliates
- See appendix for list of BITS Members
8
Security Concerns
- Growth of ID theft and fraud.
- Security breaches software vulnerabilities and
industry costs for patch management. - Consumer confidence in online financial
services. - Business continuity planning for terrorism events
and natural disasters - Practices of third party providers in US and
abroad. - Development deployment of new technologies
- Decline of older technologies (e.g. decline in
check altering the payments environment). - Regulatory compliance (e.g. Gramm-Leach-Bliley
Act Sarbanes-Oxley Basel I)
9
Security Context for FIs
- Economic and national security relies on the
security reliability recoverability
continuity and maintenance of information
systems. - IT security has a direct and profound impact on
the government and private sectors on the
nations critical infrastructure and on
international economies. - Security is fundamentala first priority for the
financial services industry.
10
Security Context for FIs (contd)
- Security breaches loss of data and related
incidents affect the publics perspective and run
the risk of eroding public confidence. - Arguably the financial services industry is
ahead of other sectors in its robust risk
management systems. - But FIs depend on the safety and soundness of
other critical infrastructure sectors including - Software providers
- Internet Service Providers/Telecom service
providers - Power
- Financial services is a highly regulated industry
with increasingly complex compliance standards.
11
Critical Success Factors for Security Awareness
Programs
- Consider the Corporate Culture
- Establish a program where security awareness and
training are designed to maintain an appropriate
balance between revenue risk and reputation. - Engage Senior Management Support
- Gain senior management approval and communicate
the messages and policies to the entire company.
Developing a culture of security awareness and
individual responsibility is most effective when
the messages are driven by senior management.
12
Critical Success Factors (contd)
- Enforce Policies
- Develop well-written understandable and current
policies to reflect the corporate threat and
regulatory environment. - Awareness and training programs should address
the importance of adhering to policies as well
as the potential financial and reputation impact
to the organization from security events. - Establish a Comprehensive Program
- Whether run centrally or de-centrally the
program should be staffed with experienced
individuals and properly funded to develop
maintain and track the programs effectiveness. - Understand that awareness is not training.
- Training provides employees w/ appropriate skills
knowledge. - Awareness focuses attention.
13
Critical Success Factors (contd)
- Communicate Communicate Communicate But
Target! - Develop the required messages and create a
strategy to communicate them through multiple
channels targeted at different learning styles
and levels. - Utilize multiple touch points.
- From new hires to lines of business to corporate
communications and the human resources department
as well as senior management everyone has an
opportunity and a responsibility to stress the
importance of security. - Recognize that each employee has a role in
protecting the organizations information assets.
- Segmenting employees based upon risk and
responsibility for their roles provides an
opportunity to focus on the policies controls
and consequences of poor information security
behavior. - Communicate the importance of controls and
security to the individuals life outside of
work. - Todays risks and threats extend beyond the
corporate environment.
14
Critical Success Factors (contd)
- Track Effectiveness and Update Your Program
- Use both qualitative and quantitative metrics to
obtain feedback to measure and benchmark the
effectiveness of your security awareness and
training program. - Make change a part of your process because the
risks are constantly changing. - Security Awareness and Training is a long-term
ongoing process.
15
For More Information
- John Carlson
- Senior Director
- Email john_at_fsround.org
- Tel (202) 289-4322
- www.BITSinfo.org
16
Appendix
- BITS/Roundtable Members
17
Roundtable/BITS Members
- ACE INA Holdings Inc.
- AEGON USA Inc.
- Affiliated Managers Group Inc.
- Allianz Life Insurance Company of North America
- Allied Capital Corporation
- The Allstate Corporation
- American Express Company
- American General Financial Services Inc. / AIG
- AmSouth Bancorporation
- Aon Corporation
- Associated Banc-Corp
- Assurant Inc.
- AXA Financial Inc.
- BancorpSouth Inc.
- BancWest Corporation
- Bank of America Corporation
- Bank of Hawaii Corporation
- The Bank of New York Company Inc.
- Barclays Capital Inc.
- BBT Corporation
- Capital One Financial Corporation
- The Charles Schwab Corporation
- The Chubb Corporation
- Citigroup Inc.
- Citizens Financial Group Inc.
18
Roundtable/BITS Members cont.
- City National Corporation
- Comerica Incorporated
- Commerce Bancshares Inc.
- Compass Bancshares Inc.
- Countrywide Financial Corporation
- Credit Suisse First Boston
- Cullen/Frost Bankers Inc.
- Edward Jones
- Federated Investors Inc.
- Fidelity Investments
- Fifth Third Bancorp
- First Commonwealth Financial Corporation
- First Horizon National Corporation
- Ford Motor Credit Company
- Fulton Financial Corporation
- General Electric Company
- Genworth Financial
- GMAC Financial Services
- Guaranty Financial Services
- Harris Bankcorp Inc.
- Hibernia Corporation
- HSBC North America Holdings Inc.
- Hudson United Bancorp
- Huntington Bancshares Incorporated
19
Roundtable/BITS Members cont.
- ING
- Jefferson-Pilot Corporation
- John Deere Credit Company
- JPMorgan Chase Co.
- KeyCorp
- LaSalle Bank Corporation
- Legg Mason Inc.
- Lincoln National Corporation
- MT Bank Corporation
- Marshall Ilsley Corporation
- MassMutual Financial Group
- MBNA Corporation
- Mellon Financial Corporation
- Mercantile Bankshares Corporation
- Merrill Lynch Co. Inc.
- MetLife Inc.
- National City Corporation
- Nationwide
- New Century Financial Corporation
- Northern Trust Corporation
- Old National Bancorp
- The PNC Financial Services Group Inc.
- Popular Inc.
- Principal Financial Group
- Providian Financial Corporation
20
Roundtable/BITS Members cont.
- Prudential Financial Inc.
- Raymond James Financial Inc.
- RBC Centura Banks Inc.
- Regions Financial Corporation
- Sky Financial Group Inc.
- Sovereign Bancorp Inc.
- State Farm Insurance Companies
- State Street Corporation
- SunTrust Banks Inc.
- Synovus
- TD Banknorth Inc.
- TIAA-CREF
- Toyota Motor Credit Corporation
- UBS
- UnionBanCal Corporation
- United Bankshares Inc.
- U.S. Bancorp
- USAA
- Wachovia Corporation
- Waddell Reed Financial Inc.
- Washington Mutual Inc.
- Wells Fargo Company
- Whitney Holding Corporation
- Zions Bancorporation
- Zurich Financial Services
21
BITS Affiliate Members
- American Bankers Association (ABA)
- Association for Payment Clearing Services
(APACS) - Canadian Bankers Association (CBA)
- Canadian Payments Association (CPA)
- Chevy Chase Bank
- The Clearing House
- Credit Union National Association (CUNA)
- The Depository Trust Clearing Corporation
(DTCC) - Independent Community Bankers of America (ICBA)
- NetBank Inc.
Recommended
More from this user
Page of
Other Related Presentations
Page of
