What Healthcare Security in 2016 Can Tell Us About How to Train Better for 2017

By Tahshina Mohsin
Security awareness training in healthcare holds significance from many perspectives. Not only is it important to comply with healthcare regulations, it also plays a role in driving a team approach to healthcare security to include workplace ethics, risky behavior and potential beneficial outcomes that result from being security-aware.

Building a Security Policy Framework for a Large, Multi-national Company

By Leslie VanCura

Information Security is not just technology. It is a process, a policy, and a culture. Our organization had spent millions of dollars on technology to keep the “bad guys” out, but we had spent little time building the foundations of our Information Security Program. We did not have relevant, current policies or a culture of security awareness among our managers or end users. The technology was not able to prevent end users from disabling it or doing unintentional damage by opening strange email attachments or telling someone their password. This paper will discuss how we created a Security Awareness Program to address this problem. The program covers policy development, an awareness campaign, and compliance monitoring.

Crowdsourcing Cybersecurity: How to Raise Security Awareness Through Crowdsourcing

By Daniel Dimov

Public involvement in the investigation of the Boston Marathon bombing and Collaboration Community – an initiative providing U.S. citizens with the ability to post ideas concerning the country’s security issues – are only two examples of crowdsourcing initiatives that incentivize citizen involvement in security issues. The use of crowdsourcing platforms is becoming a trend in solving public security issues and raising security awareness. For example, crowdsourcing platforms are widely utilized for reporting cybersecurity vulnerabilities and threats, such as web browser security, bugs, or phishing attacks. In the ongoing battle with such threats, raising information security awareness may become a crucial weapon. This article will discuss four popular crowdsourcing-based methods that may help raise information security awareness.

SecurityIQ Update Adds Healthcare-Specific Modules, Custom Course Notifications

By Megan Sawle

The latest SecurityIQ update includes nine new security awareness modules for healthcare professionals, and custom course notifications to help you increase program completion rates. Read on for complete release details.

9 New Security Awareness Modules for Healthcare Professionals

Staying compliant with HIPAA and PPI regulations just became simpler with SecurityIQ’s new security awareness modules for healthcare professionals. Our nine new modules will help you educate your team on how to keep your patients’ sensitive data secure. New modules include:

- Phishing for Healthcare Professionals & Providers
- Safe Browsing for Healthcare Professionals & Providers
- Mobile Security for Healthcare Professionals


How Security Awareness Training can Protect Small Businesses

Small businesses are progressively utilizing information technology in business processes, but aren’t doing it securely. In essence, they do not believe adversaries will target them when there are several other big, profitable organizations to attack. As a result, they neglect important measures like security awareness training, which leaves their firm in the crosshairs of cyber criminals.


Security Awareness for IT Employees

Stating that information security is everyone’s job is not something new; just try asking any person in charge of awareness efforts how many times they have done so. Even if your company has a dedicated security team, it is very important to let every employee know that they have a shared responsibility for the company’s data protection. Since information security is so closely linked to IT protection, most would assume that IT workers would be way ahead of the game: quite aware that they play a major role in data protection, never straying from secure behavior, following security rules without questioning, and helping in the early detection of security-related incidents. The simple truth is that most of the time IT employees are among the biggest insider threats to security[1].


Anti-Phishing: Factors to Consider When Planning, Developing and Implementing Phishing Awareness Training

By Randi Sherman

Security awareness training is very broad in scope, but essentially it amounts to creating a formalized environment for familiarizing and educating employees about proper procedures for protecting a company from intrusion and theft. Properly designed, it should ensure that all workers understand corporate policies and procedures for using company assets in a secure and conscientious manner. That being said, phishing is a black art. It is designed to trick otherwise conscientious employees into doing something that they would never ordinarily consider. Phishing poses a unique problem to corporate security. In many cases, employees have abrogated their responsibilities, operating under the mistaken impression that filters remove all incoming threats from e-mails. This is a notion that we need to do away with; phishing awareness education is the key.

Developing a Security-Awareness Culture – Improving Security Decision Making

By Chris Garrett

CIOs, managers and staff are faced with ever-increasing levels of complexity in managing the security of their organizations and in preventing attacks that are increasingly sophisticated. As individuals we are subjected to enormous amounts of information across broad ranges of subjects: security policies, new technologies, new patches, new threats, new sources of information; the list is endless. To fulfill the function of our role in the organization, whether at a strategic or tactical level, we make many decisions each day in the context of this information. As the environment continues to become more dynamic, the process of making good security decisions is becoming more and more challenging. The answer lies in creating security-aware cultures in our organizations. This paper proposes that creating security-aware cultures is dependent on improving how individuals make security decisions. Awareness of our decision-making processes as security practitioners can help us ma…

Non Technical Countermeasures

By Daniel Brecht

Today’s cyber scammers are quite savvy in their attempts to bypass security measures and collect information and data that should not normally be publicly exposed. Phishing, in particular, is a widely used social engineering technique that targets users by means of a bait to solicit personal information or deceive victims into performing certain actions, such as opening malicious links or attachments.

Security Awareness Implications of the 2017 Verizon Data Breach Report

By InfoSec Resources

Each year, Verizon publishes a report that highlights data breach and incident trends from the previous year. This report offers significant insight into not just the types of threats organizations face today, but who perpetrates breaches, the tactics used and, perhaps most importantly, the reason organizations find themselves at risk in the first place. Sadly, in too many of these breaches, security awareness on the part of the affected organization was lacking, and security awareness training could have made a significant difference. While security awareness training cannot provide guaranteed protection and does not play a role in defending against things like DDoS attacks, it has been implicated in a very wide range of breaches that could have been prevented.

