Awareness, A Never Ending Struggle

By Douglas Alred

The setting is a large federal government-owned facility operated by a major contractor, with quite a number of subcontractor personnel also on site. All contractors and subcontractors are required by their federal customer to attend computer security awareness training. Training rosters are signed and entered into tracking to document that yes, all personnel have received the required training. This may satisfy any government and company requirements, but the real test occurs every day. Will employees follow the guidance they have been given in awareness training? Below are some example scenarios that could take place.


Who Should Be Able to Opt Out of Security Awareness Training – and How

By Ian Palmer

Brad Johnson is adamant that no one in an organization should be exempt from security awareness training. Not the CEO. Not the chief security officer. Nobody. Johnson, the vice president of SystemExperts, says that making exceptions on the security awareness training front would only open companies up to a host of problems that otherwise might have been avoided. “Who should be able to opt out of security awareness training? The simple answer is nobody,” says Johnson. “Yes, I said nobody. What about the chief security officer? Nope. What about the director of IT management? Nope. And so on, and so on. Let’s ask this same kind of question in a different context. What NFL player should be able to opt out of practice? Should an NBA player be able to opt out of warm-ups?”


Security Awareness Training as a Revenue Generator

By Miller Henley

One of the roadblocks that IT managers often encounter when trying to implement IT security awareness training initiatives is justifying expenses associated with the program. Businesses live and die by return on investment (ROI) and rightfully so. Executives insist upon proof that any outlay of resources will have a positive impact on the bottom line. Unlike a product that is purchased and resold, an online advertising campaign where clicks may be tracked, or the addition of a new sales rep with a corresponding increase in sales, it is a little more difficult to pinpoint the exact economic benefit of IT security awareness training, but certainly doable.

The Components of Top Security Awareness Programs

By Daniel Brecht

A good security awareness program is a great way to inform personnel about any kind of malicious activity targeting an enterprise’s use of cyberspace. It is crucial that an organization’s staff be wary of common fraud schemes, especially those targeting them rather than technical components of the infrastructure. Preparing staff to discover phishing or other types of cyber scams means providing a comprehensive system of training, policies and procedural instructions that helps them recognize signs of malfeasance, report suspicious activity and not fall prey to scam artists. End-user training is one of the keys to the successful implementation of any security awareness program.


Mobile Security Awareness Can Help Prevent ID Theft

By Ian Palmer

ID theft is definitely big business these days as cyber criminals enjoy ill-gotten gains at the expense of unsuspecting people who all too often do too little to protect themselves. But perhaps even more disconcerting than the ID theft problem is the fact that one solution – mobile security awareness – is all too often overlooked. And, to be sure, mobile security awareness can help to prevent ID theft, which occurs when someone accesses another’s personal data and then pretends to be that person to potentially apply for credit cards or loans.


Keeping your Security Awareness Training up to Date

By InfoSec Resources

The more you perform phishing simulation training, the more security-conscious your users become, and thereby the more aware of the basic phishing symptoms such as spoofed domains, requests for passwords, and unsolicited requests for financial information. This is without doubt a positive byproduct of active training, but keep in mind that real-world attackers are aware that users are becoming better informed as well. A training routine is definitely a must-have, but a stale training plan is only slightly better than no plan at all.


Designing the Perfect Security Awareness Newsletter

By John G. Laskey

Even in smaller organizations, a regular security awareness newsletter can support effective, participative security. While your organization’s editorial rules could be a creative brake on a really great newsletter, the following tips can help you build up an effective one that will be welcomed by associates and be an asset to the organization’s security. It is important to encourage communications between security managers and the organization’s associates. At best, this can be used to measure the effectiveness of security issues, even allowing you to make adjustments where these are merited. Newsletters should encourage discussion, always ensuring things stay inside of editorial guidelines.

Strengthen Security with an Effective Security Awareness Program

By Tom Olzak

You’ve developed a world class security program. Your technology-based defenses are cutting edge. Your security team is well trained and ready to handle anything that comes its way. So you’re done, right? Not quite. One of the most important pieces of an effective information asset defense is missing – employee awareness.


Security Awareness for End Users

The security of your company relies on a sound digital infrastructure and an IT team that can support it. However, as we’re about to explore below, it’s an organization’s end users that tend to make or break security efforts. This is why security awareness for your end users must become a company priority. If you don’t take this issue seriously, it’s only a matter of time before a cybercriminal is successful with an attack.


Social Engineering Your Employees to Information Security

By Martin Manjak

This paper will examine the role and value of Information Security Awareness efforts in the organization. I will discuss the various threats (e.g., social engineering tactics) targeting employees that an InfoSec Awareness campaign is designed to counter. We will review some of the obstacles to implementing a program, offer some tools and strategies for developing effective materials, and lastly look at two case studies of Information Security Awareness campaigns at the University at Albany, SUNY. The appendices contain samples of actual materials developed using the methods discussed in the paper.