Security and Privacy in a Networked World/Training: Herding cats: erinevus redaktsioonide vahel
Allikas: KakuWiki
Mine navigeerimisribaleMine otsikasti
WikiHaldur (arutelu | kaastöö) (Created page with " Intro Awareness training - some possible topics Generic * We are targets * Social Engineering Main technologies * Web * E-mail * Instant messaging * Social networks *...") |
WikiHaldur (arutelu | kaastöö) Resümee puudub |
||
32. rida: | 32. rida: | ||
Special groups to train | Special groups to train | ||
* IT staff - those actually in charge, including administrators, developers, support/helpdesk | * IT staff - those actually in charge of technology, including administrators, developers, support/helpdesk etc. While these employees tend to be more knowledgeable about IT risks, lax attitudes towards security is a common problem (Estonians may recall the case with Eesti Telefon - it was leaked to the media that their main server's admin password was "kala" (fish)...). Training should generally focus on actual examples and be clearly connected to the security policies present. | ||
* Higher management - can be especially difficult to train due to limited time resources and sometimes also mixed attitudes (reluctant to learn, feeling being 'above the law' etc). Should especially focus on social engineering, mobile/travel/cloud and data security, but also reach adequate knowledge of common applications usage (e.g. e-mail). | * Higher management - can be especially difficult to train due to their limited time resources and sometimes also mixed attitudes (reluctant to learn, feeling being 'above the law' etc). Should especially focus on social engineering, mobile/travel/cloud and data security, but also reach adequate knowledge of common applications usage (e.g. e-mail). Also, clear connections to security policies and stressing their universality (i.e. everyone must comply) may help. | ||
* Service staff (janitors, drivers, couriers etc) - a major target for social engineers, therefore the training must focus on recognizing and neutralizing SE-based attacks. However, with training these people can be valuable in countering threats due to their mobility and "low profile" image ("just a janitor - he is supposed to be there"). | * Service staff (janitors, drivers, couriers etc) - a major target for social engineers, therefore the training must focus on recognizing and neutralizing SE-based attacks. However, with training these people can be valuable in countering threats due to their mobility and "low profile" image ("just a janitor - he is supposed to be there"). | ||
39. rida: | 39. rida: | ||
* Physical security - doors and locks | * Physical security - doors and locks | ||
* BYOD and teleworking | |||
* Protecting home | * Protecting home | ||
* Travelling abroad | * Travelling abroad | ||
Redaktsioon: 4. mai 2014, kell 08:11
Intro
Awareness training - some possible topics
Generic
- We are targets
- Social Engineering
Main technologies
- Web
- Instant messaging
- Social networks
- Wi-Fi
- Mobile devices
- Cloud services
- Access control - passwords and other measures
- Data security - creation, maintenance and safe destruction
- Threats from inside
- Children online
- Damage control
Special groups to train
- IT staff - those actually in charge of technology, including administrators, developers, support/helpdesk etc. While these employees tend to be more knowledgeable about IT risks, lax attitudes towards security is a common problem (Estonians may recall the case with Eesti Telefon - it was leaked to the media that their main server's admin password was "kala" (fish)...). Training should generally focus on actual examples and be clearly connected to the security policies present.
- Higher management - can be especially difficult to train due to their limited time resources and sometimes also mixed attitudes (reluctant to learn, feeling being 'above the law' etc). Should especially focus on social engineering, mobile/travel/cloud and data security, but also reach adequate knowledge of common applications usage (e.g. e-mail). Also, clear connections to security policies and stressing their universality (i.e. everyone must comply) may help.
- Service staff (janitors, drivers, couriers etc) - a major target for social engineers, therefore the training must focus on recognizing and neutralizing SE-based attacks. However, with training these people can be valuable in countering threats due to their mobility and "low profile" image ("just a janitor - he is supposed to be there").
Environment
- Physical security - doors and locks
- BYOD and teleworking
- Protecting home
- Travelling abroad
Study and Blog
- Pick a topic above (e.g. passwords or social networks) and write a short awareness training programme for your colleagues (those who do not work may use a fictional company).