Security Awareness Programs - ESTec Security

By: Estec Security  09-12-2011
Keywords: Information Security, Information Assets, Security Awareness


ESTec provides consultants and then offers expert lecturers and seminar-speakers with the materials needed to train and refresh personnel who deal with information assets within your company. Our experts can help to design and implement security awareness programs. Awareness programs can result in a major improvement in information security at a relatively low cost to the organization. Most employees want to maintain security, and all they need to have is a refresher course in the goals and policies of the company in regard to information access. The existence of the program also reminds employees that security is important within the organization.

Sample Case

Customer: A Large American Utility
Services: Security Awareness program development
Problem: Management felt that personnel needed to be reminded of the written policies and standards in regard to information security and wished this teaching to originate in a third party.
Solution: An ESTec consultant custom developed three training courses, one for managers, one for systems administrators, and one for users. The consultant presented the courses and also trained the trainers to give the courses to existing pwersonnel or to new personnel entering the workforce.
The initial testing of the courses received such high reviews that management rolled out the course to 20,000 users, 1,000 managers, and 400 systems administrators.
Results: After the course was complete, the rate of reported information security problems and incidents rose dramatically, while the number of successful intrusions dropped by more than half. The latter represented a saving in the hundreds of thousands per year, while the administrators reported an increased awareness of security matters.


Keywords: Information Assets, Information Security, Security Awareness

Other products and services from Estec Security

09-12-2011

Incident Response - ESTec Security

With the cooperation of the security department of the computer's company, the offender's machine was seized, and an image of the hard drive given to our investigator.A log of the event from both the attack machine and the victim machine was turned over to the FBI.


09-12-2011

ISO 17799 - ESTec Security

A risk assessment allows management to prioritize protection activities and incident handling allows the organization to evaluate how successful it has been in achieving the priorities. Over 30 countries either require ISO 27001 / ISO 17799 / BS 7799 certification for some organizations, or are considering requiring ISO 27001 / ISO 17799 / BS 7799 certification.


09-12-2011

Vulnerability Assessment - ESTec Security

ESTec has experience reviewing systems with widely ranging sensitivities, ranging from Internet Banking to e-commerce to proprietary internal systems. Using industry-standard tools, a trained auditor reviews each machine, identifying all the services offered by the computer. A vulnerability assessment reviews the configuration of a computer or group of computers to identify known vulnerabilities.


09-12-2011

Penetration Testing - ESTec Security

Customer: Major American Power and Gas UtilityServices: Penetration Test the SAP Accounting systemProblem: The utility was preparing to convert all accounting functions to SAP R/3. The penetration testing methodology used by ESTec ensures that all potential weaknesses are tested, including all currently identifiable vulnerabilities.