Security and Privacy in a Networked World/Training: Herding cats
Allikas: KakuWiki
Mine navigeerimisribaleMine otsikasti
Intro
Awareness training - some possible topics
Generic
- We are targets
- Social Engineering
Main technologies
- Web
- Instant messaging
- Social networks
- Wi-Fi
- Mobile devices
- Cloud services
- Access control - passwords and other measures
- Data security - creation, maintenance and safe destruction
- Threats from inside
- Children online
- Damage control
Special groups to train
- IT staff - those actually in charge, including administrators, developers, support/helpdesk
- Higher management - can be especially difficult to train due to limited time resources and sometimes also mixed attitudes (reluctant to learn, feeling being 'above the law' etc). Should especially focus on social engineering, mobile/travel/cloud and data security, but also reach adequate knowledge of common applications usage (e.g. e-mail).
- Service staff (janitors, drivers, couriers etc) - a major target for social engineers, therefore the training must focus on recognizing and neutralizing SE-based attacks. However, with training these people can be valuable in countering threats due to their mobility and "low profile" image ("just a janitor - he is supposed to be there").
Environment
- Physical security - doors and locks
- Protecting home
- Travelling abroad
- BYOD and teleworking
Study and Blog
- Pick a topic above (e.g. passwords or social networks) and write a short awareness training programme for your colleagues (those who do not work may use a fictional company).