Transparency over secrecy.pdf

Uploaded by: 可*** ID: 991872 2025-12-07 20 pages 2.80MB

How we built a security scorecard that drives accountability without fear
Transparency over secrecy
August 2025

Meet the speakers

Gina Andrews, Information Security Senior Program Manager
- Rocket team member since 2021, spearheading awareness initiatives.
- Human behavior focused
- Former marketing and event planner for a local non-profit
- Big picture thinker
- Game show junkie

John Carr, Director, Information Security
- Served Rocket since 2007, leading various InfoSec teams.
- Former IT & InfoSec architect, engineer, sales engineer, consultant, auditor, penetration tester, cat herder
- Loves people and tech
- Eats a lot of Indian and Ethiopian food
- Retrocomputing dork

Company Lingo

Who is Rocket?
- Headquartered in Detroit, MI
- Financial Services industry
- 18,000 team members
- Serves millions of clients nationwide
- Recognized as a top place to work and a leader in digital transformation
- 23 J.D. Power awards in origination and servicing over the past 15 years
- Strong startup-style, scrappy, tech-forward culture

Problem & Vision

PROBLEM
- Team members were unaware of their InfoSec performance
- No standardized way to measure or improve behavior
- Human risk lacked visibility and context

VISION
- Empower individuals through personalized feedback
- Provide leadership visibility into behavioral trends
- Shift from secrecy to transparency without fear

What is the Security Scorecard?
The Scorecard measures the performance of each team member during InfoSec exercises to determine an individual's information security risk index.
Tooling used:
- Cofense PhishMe
- Power BI
- Excel

Team member view

Team leader view

The scoring model
Weighted scores:
- Did not click on phishing simulation link: +1
C

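Based on the report, its main content can be summarized as follows:
- **Background**: Rocket's information security team faced the problem that team members were unaware of their InfoSec performance, that there was no standardized way to measure it, and that human risk lacked visibility and context.
- **Solution**: An information security scorecard was developed to measure team members' performance during InfoSec exercises and determine each individual's information security risk index.
- **Tools and technology**: Cofense PhishMe, Power BI and Excel.
- **Scoring model**: Covers behaviors such as clicking phishing links, reporting phishing emails and password guessing, each assigned a corresponding score.
- **Rollout**: Publicized and promoted through multiple channels, including email, the internal blog and posters.
- **Results**: 8,595 dashboard views and 5,814 article views in the first month.
- **Future plans**: New data points will be introduced and the scoring system upgraded in 2025.

Key points:
- 8,595 dashboard views and 5,814 article views in the first month.
- The scorecard is used to measure the information security risk index.
- Multiple channels were used for publicity and promotion.
- New data points and a scoring system upgrade are planned for 2025.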