Security Awareness For Dummies
- Length: 288 pages
- Edition: 1
- Language: English
- Publisher: For Dummies
- Publication Date: 2022-05-03
- ISBN-10: 1119720923
- ISBN-13: 9781119720928
- Sales Rank: #3231016
Make security a priority on your team
Every organization needs a strong security program. One recent study estimated that a hacker attack occurs somewhere every 37 seconds. Since security programs are only as effective as a team’s willingness to follow their rules and protocols, it’s increasingly necessary to have not just a widely accessible gold standard of security, but also a practical plan for rolling it out and getting others on board with following it. Security Awareness For Dummies gives you the blueprint for implementing this sort of holistic and hyper-secure program in your organization.
Written by one of the world’s most influential security professionals—and an Information Systems Security Association Hall of Famer—this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management.
- Customize and create your own program
- Make employees aware of the importance of security
- Develop metrics for success
- Follow industry-specific sample programs
Cyberattacks aren’t going away anytime soon: get this smart, friendly guide on how to get a workgroup on board with their role in security and save your organization big money in the long run.
Table of Contents

Front matter
- Title Page
- Copyright Page
- Table of Contents
- Introduction
  - About This Book
  - Foolish Assumptions
  - Icons Used in This Book
  - Beyond the Book
  - Where to Go from Here

Part 1: Getting to Know Security Awareness

Chapter 1: Knowing How Security Awareness Programs Work
- Understanding the Benefits of Security Awareness
  - Reducing losses from phishing attacks
  - Reducing losses by reducing risk
  - Grasping how users initiate loss
- Knowing How Security Awareness Programs Work
  - Establishing and measuring goals
  - Showing users how to “do things right”
- Recognizing the Role of Awareness within a Security Program
- Disputing the Myth of the Human Firewall

Chapter 2: Starting On the Right Foot: Avoiding What Doesn’t Work
- Making a Case Beyond Compliance Standards
- Treating Compliance as a Must
  - Motivating users to take action
  - Working within the compliance budget
- Limiting the Popular Awareness Theories
  - Applying psychology to a diverse user base
  - Differentiating between marketing and awareness
- Distinguishing Social Engineering from Security Awareness
- Addressing Mental Models That Don’t Work
- Making Perfection the Stated Goal
- Measuring from the Start
- Prioritizing Program Over Product
- Choosing Substance Over Style
- Understanding the Role of Security Awareness

Chapter 3: Applying the Science Behind Human Behavior and Risk Management
- Achieving Common Sense through Common Knowledge
- Borrowing Ideas from Safety Science
  - Recognizing incidents as system failures
  - Responding to incidents
- Applying Accounting Practices to Security Awareness
- Applying the ABCs of Awareness
- Benefiting from Group Psychology
  - The ABCs of behavioral science
  - The Fogg Behavior Model
  - Relating B:MAP to the ABCs of awareness and behavior
  - The Forgetting Curve
- Remembering That It’s All About Risk
  - Optimizing risk
  - The risk formula

Part 2: Building a Security Awareness Program

Chapter 4: Creating a Security Awareness Strategy
- Identifying the Components of an Awareness Program
  - Choosing effective communications tools
  - Picking topics based on business drivers
  - Knowing when you’re a success
- Figuring Out How to Pay for It All

Chapter 5: Determining Culture and Business Drivers
- Understanding Your Organization’s Culture
  - Determining security culture
  - Recognizing how culture relates to business drivers
- Identifying Subcultures
- Interviewing Stakeholders
  - Requesting stakeholder interviews
  - Scheduling the interviews
  - Creating interview content
  - Taking names
- Partnering with Other Departments

Chapter 6: Choosing What to Tell The Users
- Basing Topics on Business Drivers
- Incorporating Personal Awareness Topics
- Motivating Users to Do Things “Right”
- Common Topics Covered in Security Awareness Programs
  - Phishing
  - Social engineering
  - Texting and instant messaging security
  - Physical security
  - Malware
  - Ransomware
  - Password security
  - Cloud security
  - USB device security
  - Internet of Things
  - Travel security
  - Wi-Fi security
  - Mobile devices
  - Work from home
  - Basic computer security
  - Insider threat
  - Protecting children on the internet
  - Social media security
  - Moving security
  - Compliance topics

Chapter 7: Choosing the Best Tools for the Job
- Identifying Security Ambassadors
  - Finding ambassadors
  - Maintaining an ambassador program
- Knowing the Two Types of Communications Tools
  - Reminding users to take action
  - Requiring interaction from users
- Exploring Your Communications Arsenal
  - Knowledgebase
  - Posters
  - Hardcopy newsletters
  - Monitor displays
  - Screen savers
  - Pamphlets
  - Desk drops
  - Table tents
  - Coffee cups or sleeves
  - Stickers
  - Mouse pads
  - Pens and other useful giveaways
  - Camera covers
  - Squishy toys and other fun giveaways
  - Active communications tools

Chapter 8: Measuring Performance
- Knowing the Hidden Cost of Awareness Efforts
- Meeting Compliance Requirements
- Collecting Engagement Metrics
  - Attendance metrics
  - Likability metrics
  - Knowledge metrics
- Measuring Improved Behavior
  - Tracking the number of incidents
  - Examining behavior with simulations
  - Tracking behavior with gamification
- Demonstrating a Tangible Return on Investment
- Recognizing Intangible Benefits of Security Awareness
- Knowing Where You Started: Day 0 Metrics

Part 3: Putting Your Security Awareness Program Into Action

Chapter 9: Assembling Your Security Awareness Program
- Knowing Your Budget
  - Finding additional sources for funding
  - Allocating for your musts
  - Limiting your discretionary budget
  - Appreciating your team as your most valuable resource
- Choosing to Implement One Program or Multiple Programs
  - Managing multiple programs
  - Beginning with one program
- Gaining Support from Management
- Devising a Quarterly Delivery Strategy
  - Ensuring that your message sticks
  - Distributing topics over three months
- Deciding Whether to Include Phishing Simulations
- Planning Which Metrics to Collect and When
  - Considering metrics versus topics
  - Choosing three behavioral metrics
  - Incorporating Day 0 metrics
  - Scheduling periodic updates
  - Biasing your metrics
- Branding Your Security Awareness Program
  - Creating a theme
  - Maintaining brand consistency
  - Coming up with a catchphrase and logo
  - Promoting your program with a mascot

Chapter 10: Running Your Security Awareness Program
- Nailing the Logistics
  - Determining sources or vendors
  - Scheduling resources and distribution
  - Contracting vendors
  - Recognizing the role of general project management
- Getting All Required Approvals
- Getting the Most from Day 0 Metrics
- Creating Meaningful Reports
  - Presenting reports as a graphical dashboard
  - Adding index scores
  - Creating an awareness index
- Reevaluating Your Program
  - Reconsidering your metrics
  - Evaluating your communications tools
  - Measuring behavioral changes
- Redesigning Your Program
  - Anything stand out?
  - Adding subcultures
  - Adding, deleting, and continuing metrics
  - Adding and discontinuing communications tools
  - Revisiting awareness topics
- Considering Breaking News and Incidents

Chapter 11: Implementing Gamification
- Understanding Gamification
- Identifying the Four Attributes of Gamification
- Figuring Out Where to Gamify Awareness
- Examining Some Tactical Gamification Examples
  - Phishing reporting
  - Clean desk drops
  - Tailgating exercises
  - USB drop reporting
  - Reporting security incidents
  - Ad hoc gamification
- Putting Together a Gamification Program
  - Determining reward tiers
  - Assigning point levels
  - Creating a theme
  - Offering valid rewards
  - Assigning points to behaviors
  - Tracking users and the points they earn
- Promoting the Program

Chapter 12: Running Phishing Simulation Campaigns
- Knowing Why Phishing Simulations Matter
- Setting Goals for Your Phishing Program
  - Checking the box
  - Producing easy metrics
  - Benefiting from just-in-time training
  - Differentiating between risky and secure users
- Planning a Phishing Program
  - Identifying the players
  - Obtaining permission and buy-in
  - Allocating enough time for phishing simulations
  - Choosing responsive tools
- Choosing a Phishing Tool
  - Creating custom phishing tools
  - Choosing vendor options
  - Knowing which options are available
  - Separating CBT and phishing vendors
  - Matching vendor features to your needs
  - Identifying features that can cause problems
  - Hiring managed services
  - Integrating machine learning
- Implementing a Phishing Simulation Program
  - Integrating Active Directory
  - Working with subcultures and geographies
  - Choosing languages
  - Registering phishing domains
  - Defining program goals
  - Collecting Day 0 metrics
- Running a Phishing Simulation
  - Determining the targets
  - Preparing the lures
  - Determining the sophistication of the test
  - Constructing the lures
  - Finding lure ideas
  - Adhering to ethical considerations
  - Creating landing pages
  - Addressing logistical concerns
  - Coordinating whitelisting and working around spam filters
  - Adding gamification
  - Determining phishing frequency
  - Scheduling the tests
  - Anticipating user responses
  - Alerting the appropriate parties
  - Conducting a pilot test
- Tracking Metrics and Identifying Trends
- Dealing with Repeat Offenders
- Management Reporting

Part 4: The Part of Tens

Chapter 13: Ten Ways to Win Support for Your Awareness Program
- Finding Yourself a Champion
- Setting the Right Expectations
- Addressing Business Concerns
- Creating an Executive Program
- Starting Small and Simple
- Finding a Problem to Solve
- Establishing Credibility
- Highlighting Actual Incidents
- Being Responsive
- Looking for Similar Programs

Chapter 14: Ten Ways to Make Friends and Influence People
- Garnering Active Executive Support
- Courting the Organization’s Influencers
- Supporting Another Project That Has Support
- Choosing Topics Important to Individuals
- Having Some Fun Events
- Don’t Promise Perfection
- Don’t Overdo the FUD Factor
- Scoring an Early Win
- Using Real Gamification
- Integrating the Organization’s Mission Statement

Chapter 15: Ten Fundamental Awareness Topics
- Phishing
- Business Email Compromise
- Mobile Device Security
- Home Network and Computer Security
- Password Security
- Social Media Security
- Physical Security
- Malware and Ransomware
- Social Engineering
- It Can Happen to You

Chapter 16: Ten Helpful Security Awareness Resources
- Security Awareness Special Interest Group
- CybSafe Research Library
- Cybersecurity Culture Guidelines
- RSA Conference Library
- You Can Stop Stupid
- The Work of Sydney Dekker
- Human Factors Knowledge Area
- People-Centric Security
- Human Security Engineering Consortium
- How to Run a Security Awareness Program Course

Back matter
- Appendix: Sample Questionnaire
- Index
- EULA