Patch the People – Education for Customers and Employees
Tuesday, October 17, 2017
10:00 am – 12:00 pm CT
Recommended for 2.5 CE Credits
We patch outdated operating systems, vulnerable software programs, and firmware on hardware devices, but how do we patch people? Hardware and software programs generally do as they are instructed, but people do not and can easily fall victim to social engineering attacks. Education and training can be our process to patch our people. During our session, we will explore traditional ways education has been deployed and look to improve those processes with more advanced and effective methods of patching our people. We will also look at best practices for addressing similar issues with business customers and highlight common educational practices.
One major objective of this session is to highlight the need for continual educational programs for people. Historically, we have trained people for an hour, every 365 days. Compare this to patching our IT systems, which some do monthly. A continual educational program will enable better decision making by employees, board members, and customers every day, ensuring continual reminders and awareness of critical banking issues.
- Employee, Board, and Customer training models
- Weaknesses in a compliance-based approach to education
- Implementing a risk-based approach
- Building an effective policy
- Key elements of improved security awareness and training programs
- Integration with social engineering test
Who Should Attend:
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, and Executives looking to understand the risk around Social Engineering and how to mitigate people risk.
Chad Knutson is a Senior Information Security Consultant and serves as President of SBS CyberSecurity out of Madison, SD. SBS is a leader in information security consulting for the financial industry in the US. SBS works with more than 900 banks around the country on information security services such as the development of Information Security Programs, Policies, and Risk Assessments, along with performing IT Audits, Penetration Tests, Vulnerability Assessment and other security services. Chad is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified in Risk and Information Security Controls (CRISC), and received his Bachelor of Science in Computer Information Systems and his Master of Science in Information Assurance with an emphasis in Banking and Finance Security from Dakota State University. Chad has been with SBS since 2004 and has consulted with many financial institutions during this time.