Security awareness for dummies / by Ira Winkler.

By: Winkler, Ira [author]
Language: English
Series: --For dummies
Publisher: Hoboken, NJ : John Wiley & Sons, Inc., [2022]
Copyright date: ©2022
Description: xi, 288 pages : illustrations ; 24 cm
Content type: text
Media type: unmediated
Carrier type: volume
ISBN: 9781119720928
Subject(s): Business enterprises -- Computer networks -- Security measures | Computer security
DDC classification: 658.4/78
LOC classification: HD30.38
Contents:
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
Part 1: Getting to Know Security Awareness
Chapter 1: Knowing How Security Awareness Programs Work
Understanding the Benefits of Security Awareness
Knowing How Security Awareness Programs Work
Recognizing the Role of Awareness within a Security Program
Disputing the Myth of the Human Firewall
Chapter 2: Starting On the Right Foot: Avoiding What Doesn’t Work
Making a Case Beyond Compliance Standards
Treating Compliance as a Must
Limiting the Popular Awareness Theories
Distinguishing Social Engineering from Security Awareness
Addressing Mental Models That Don’t Work
Making Perfection the Stated Goal
Measuring from the Start
Prioritizing Program Over Product
Choosing Substance Over Style
Understanding the Role of Security Awareness
Chapter 3: Applying the Science Behind Human Behavior and Risk Management
Achieving Common Sense through Common Knowledge
Borrowing Ideas from Safety Science
Applying Accounting Practices to Security Awareness
Applying the ABCs of Awareness
Benefiting from Group Psychology
Remembering That It’s All About Risk
Part 2: Building a Security Awareness Program
Chapter 4: Creating a Security Awareness Strategy
Identifying the Components of an Awareness Program
Figuring Out How to Pay for It All
Chapter 5: Determining Culture and Business Drivers
Understanding Your Organization’s Culture
Identifying Subcultures
Interviewing Stakeholders
Partnering with Other Departments
Chapter 6: Choosing What to Tell The Users
Basing Topics on Business Drivers
Incorporating Personal Awareness Topics
Motivating Users to Do Things “Right”
Common Topics Covered in Security Awareness Programs
Chapter 7: Choosing the Best Tools for the Job
Identifying Security Ambassadors
Knowing the Two Types of Communications Tools
Exploring Your Communications Arsenal
Chapter 8: Measuring Performance
Knowing the Hidden Cost of Awareness Efforts
Meeting Compliance Requirements
Collecting Engagement Metrics
Measuring Improved Behavior
Demonstrating a Tangible Return on Investment
Recognizing Intangible Benefits of Security Awareness
Knowing Where You Started: Day 0 Metrics
Part 3: Putting Your Security Awareness Program Into Action
Chapter 9: Assembling Your Security Awareness Program
Knowing Your Budget
Choosing to Implement One Program or Multiple Programs
Gaining Support from Management
Devising a Quarterly Delivery Strategy
Deciding Whether to Include Phishing Simulations
Planning Which Metrics to Collect and When
Branding Your Security Awareness Program
Chapter 10: Running Your Security Awareness Program
Nailing the Logistics
Getting All Required Approvals
Getting the Most from Day 0 Metrics
Creating Meaningful Reports
Reevaluating Your Program
Redesigning Your Program
Considering Breaking News and Incidents
Chapter 11: Implementing Gamification
Understanding Gamification
Identifying the Four Attributes of Gamification
Figuring Out Where to Gamify Awareness
Examining Some Tactical Gamification Examples
Putting Together a Gamification Program
Promoting the Program
Chapter 12: Running Phishing Simulation Campaigns
Knowing Why Phishing Simulations Matter
Setting Goals for Your Phishing Program
Planning a Phishing Program
Choosing a Phishing Tool
Implementing a Phishing Simulation Program
Running a Phishing Simulation
Tracking Metrics and Identifying Trends
Dealing with Repeat Offenders
Management Reporting
Part 4: The Part of Tens
Chapter 13: Ten Ways to Win Support for Your Awareness Program
Finding Yourself a Champion
Setting the Right Expectations
Addressing Business Concerns
Creating an Executive Program
Starting Small and Simple
Finding a Problem to Solve
Establishing Credibility
Highlighting Actual Incidents
Being Responsive
Looking for Similar Programs
Chapter 14: Ten Ways to Make Friends and Influence People
Garnering Active Executive Support
Courting the Organization’s Influencers
Supporting Another Project That Has Support
Choosing Topics Important to Individuals
Having Some Fun Events
Don’t Promise Perfection
Don’t Overdo the FUD Factor
Scoring an Early Win
Using Real Gamification
Integrating the Organization’s Mission Statement
Chapter 15: Ten Fundamental Awareness Topics
Phishing
Business Email Compromise
Mobile Device Security
Home Network and Computer Security
Password Security
Social Media Security
Physical Security
Malware and Ransomware
Social Engineering
It Can Happen to You
Chapter 16: Ten Helpful Security Awareness Resources
Security Awareness Special Interest Group
CybSafe Research Library
Cybersecurity Culture Guidelines
RSA Conference Library
You Can Stop Stupid
The Work of Sydney Dekker
Human Factors Knowledge Area
People-Centric Security
Human Security Engineering Consortium
How to Run a Security Awareness Program Course
Appendix: Sample Questionnaire
Questions for the CISO or Similar Position
Questions for All Employees
Questions for the HR Department
Questions for the Legal Department
Questions for the Communications Department
Questions Regarding the Appropriate Person for Physical Security
Index
Summary: Make security a priority on your team

Every organization needs a strong security program. One recent study estimated that a hacker attack occurs somewhere every 37 seconds. Since security programs are only as effective as a team's willingness to follow their rules and protocols, it's increasingly necessary to have not just a widely accessible gold standard of security, but also a practical plan for rolling it out and getting others on board with following it. Security Awareness For Dummies gives you the blueprint for implementing this sort of holistic and hyper-secure program in your organization. Written by one of the world's most influential security professionals, and an Information Systems Security Association Hall of Famer, this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management.

- Customize and create your own program
- Make employees aware of the importance of security
- Develop metrics for success
- Follow industry-specific sample programs

Cyberattacks aren't going away anytime soon: get this smart, friendly guide on how to get a workgroup on board with their role in security and save your organization big money in the long run.
Holdings:
Item type: BOOK
Current location: COLLEGE LIBRARY
Home library: COLLEGE LIBRARY
SUBJECT REFERENCE
Call number: 658.478 W7294 2022
Status: Available
Barcode: CITU-CL-54255
Total holds: 0

Includes index.


