Your Challenge:
Security threats and exploits continue to be on the rise in the form of advanced persistent threats (APTs) and other unique attack types.
APTs and attackers are looking to go after the weakest link within your organization – the people.
Whether it is a lack of knowledge or a disregard for security, your end users are either the intentional or unintentional cause of security threats for your organization.
Our Advice - Critical Insight:
Even with extremely robust security controls, your end users will continue to be one of the weakest links.
To change the behaviors of your employees, make them invested in organizational security through positive reinforcement.
Our Advice - Impact and Result:
Focus on increasing employees’ knowledge through training, but actively go beyond that to change their behavior by making them all security aware.
Go beyond the standard classroom-style learning that is expected of training – use new teaching methods and positive reinforcement to ensure that your end users become more security aware.
Use Info-Tech’s blueprint and methodology to craft a program that will engage your audiences and employees while ensuring that important security-related topics are reviewed.
Build a Security Awareness and Training Program
Your weakest link is between the keyboard and the chair.
End users are either the intentional or the unintentional cause of security threats for your organization. They are one of the largest vulnerabilities organizations face today:
They are easily manipulated through malicious activities
They are then exploited in order to:
Steal information or data
Cause disruption or sabotage to an organization
Organizations invest huge capital into technology-based security controls while, in the meantime, end users will continue to be one of the weakest links.
The average cost of a data breach due to human error was approximately $160 per record compromised.
Source: Ponemon Institute, 2014 Cost of a Data Breach
Of organizations, 19% found that the cost of a social engineering incident was more than $100,000. For organizations with more than 5,000 employees, this increased to 30%.
Source: Ponemon Institute, 2014 Cost of a Data Breach
Over 95% of all security incidents investigated recognized human error as a contributing factor.
Source: IBM Security Services 2014 Cyber Security Intelligence Index
Of companies, 55% indicated that they believe privileged users were the biggest internal threat to corporate data.
Source: 2015 Vormetric Insider Threat Report
There are three main areas that security needs to focus on: technology, process, people
Most organizations are aware of these three areas; however, many focus purely on the technology and process aspects.
The resources and budget spent on the people aspect of security pale in comparison to those spent on process and technology.
For any organization to succeed with their technology and process related controls, the people need to be security aware and trained.
Develop your security awareness and training program using an agile methodology.
For the most effective results, apply the agile software development methodology to your security awareness and training program, focusing on the continual delivery of customized modules to staff in smaller portions.
Security policies are your foundation. For any security awareness and training to be effective it must be rooted in organizational security policies.
Test your end users. Any sort of mock or simulated testing of end users’ susceptibility to exploitation can prove highly informative to your program.
Test continually. Remind your end users that security is a priority for the entire organization and should be something that is part of every employee’s responsibilities.
http://www.infotech.com/research/ss/build-a-security-awareness-and-training-program
Use our Build a Security Awareness and Training Program blueprint
Best-practice Toolkit: Guided Implementations:
120 Do-It-Yourself Project Slides
Plus: 1 other template
Start this project today by calling
1-877-876-3322
www.infotech.com
Onsite workshops available
Information Security Awareness and Training Appropriateness Tool
Information Security Awareness and Training Program Workbook
Information Security Awareness and Training Content Development Tool
Information Security Awareness and Training Program Roadmap Tool
Information Security Awareness and Training Content Guide
Identify the content
Determine the appropriateness
Determine how to execute the plan
Implement the program