HOME

TheInfoList



Click Here for Items Related To - security awareness
OR:
security awareness on:   [Wikipedia]   [Google]   [Amazon]

Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization. Many organizations require formal security awareness training for all workers when they join the organization and periodically thereafter, usually annually.


Coverage

Topics covered in security awareness training include: *The nature of sensitive material and physical assets they may come in contact with, such as
trade secret Trade secrets are a type of intellectual property that includes formulas, practices, processes, designs, instruments, patterns, or compilations of information that have inherent economic value because they are not generally known or readily asc ...
s,
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...
concerns and government
classified information Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, ...
*Employee and contractor responsibilities in handling sensitive information, including review of employee
nondisclosure agreement A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wish ...
s *Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction *Proper methods for protecting sensitive information on
computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
systems, including
password policy A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part o ...
and use of
two-factor authentication Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...
*Other computer security concerns, including
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depri ...
,
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
, social engineering, etc. *Workplace security, including building access, wearing of security badges, reporting of incidents, forbidden articles, etc. *Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible
civil Civil may refer to: *Civic virtue, or civility *Civil action, or lawsuit * Civil affairs *Civil and political rights *Civil disobedience *Civil engineering *Civil (journalism), a platform for independent journalism *Civilian, someone not a membe ...
and criminal penalties Security awareness means understanding that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within a company's computer systems and throughout its organization. Therefore, it would be prudent to support the assets of the institution (information, physical, and personal) by trying to stop that from happening. According to the European Network and Information Security Agency, "Awareness of the risks and available safeguards is the first line of defence for the security of information systems and networks." "The focus of Security Awareness consultancy should be to achieve a long term shift in the attitude of employees towards security, whilst promoting a cultural and behavioural change within an organisation. Security policies should be viewed as key enablers for the organisation, not as a series of rules restricting the efficient working of your business."


Measuring security awareness

In a 2016 study, researchers developed a method of measuring security awareness.{{cite journal, last1=Giboney, first1=Justin Scott, last2=Proudfoot, first2=Jeffrey Gainer, last3=Goel, first3=Sanjay, last4=Valacich, first4=Joseph S, title=The Security Expertise Assessment Measure (SEAM): Developing a scale for hacker expertise, journal=Computers & Security, date=2016, volume=60, pages=37–51, doi=10.1016/j.cose.2016.04.001 Specifically they measured "understanding about circumventing security protocols, disrupting the intended functions of systems or collecting valuable information, and not getting caught" (p. 38). The researchers created a method that could distinguish between experts and novices by having people organize different security scenarios into groups. Experts will organize these scenarios based on centralized security themes where novices will organize the scenarios based on superficial themes.


See also

*
Access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...
*
Physical Security Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks). Physica ...
*
Security Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...
*
Security controls Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the c ...
*
Security management Security management is the identification of an organization's assets (including people, buildings, machines, systems and information assets), followed by the development, documentation, and implementation of policies and procedures for protec ...
*
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protect ...
* Internet Security Awareness Training


References


External links


Army's Security Education, Training and Awareness Site The Security Awareness CycleComparison of Security Awareness Training Companies
Computer security Security