Genel

What Belongs in a Security Awareness Program?

0 1

What Belongs in a Security Awareness Program? – Security is also a people problem. Security awareness is as important as technical security. As I said in my other blogs, people are the last line of security, so Security Awareness Programs are crucial. In this blog, I’m going to discuss What belongs in a Security awareness training.

1 – What’s Security Awareness Program?

Essentially, security awareness training is a way to provide an appropriate level of knowledge about cybersecurity. Nowadays, security is everybody’s responsibility.

There are three lines of defence;

  • The first line is your controls, how you implement security best practices and prevent compromises.
  • The second line is detection, how you realize attacks or attempted breaches.
  • The third line is your people, how aware your people of security and what they do to avoid being a weak link.

If the security awareness program supports providing the three lines, I can say it’s a good one. Security awareness programs are important because they reinforce that everybody is responsible for security.

2 – What Belongs in a Security Awareness Program?

There are 4 key components in the Security Awareness Program.

1 – Communication

Security should become a part of the conservation in the organization. Management teams must regularly communicate to the employees that security is important. This communication must be clear, regular, appropriate and interactive.

2 – Checklist(s)

There needs to be a checklist. The checklist will help your company stay organized when it comes to developing, maintaining and delivering a security awareness program.

Checklists should include;

  • What to do when a new hire starts and when an employee leaves.
  • How often to remind employees of security protocols.
  • What to do when an incident happens.
  • How to communicate with customers or partners when in a breach.

3 – Content

A security awareness program must have appropriate content. The content should be striking, impactive and not boring, depends on your organization structure, may include;

  • Role-based guide
  • Training programs
  • A handbook (PDF File)
  • Amusing games

4 – Controls

Security Awareness Programs should include control mechanisms such as Threat Intelligence, Incident Reporter, Phishing Simulator etc.

Controls mechanisms are the guards to prevent the car from flying off the road, ensuring that people and systems are only able to do what their roles dictate and only with the appropriate approvals.

“This post is originally published at www.keepnetlabs.com”

RSS Teknoloji Haberleri

  • Daha iyi bir Windows için PowerToys ve PC Manager
    Windows’ta günlük deneyiminizi geliştirecek araçlar mı arıyorsunuz? Microsoft PowerToys ve PC Manager, farklı ihtiyaçlara yönelik çözümler sunarak bilgisayar kullanımını daha verimli ve keyifli hale getiriyor.
  • Yine aynı sorun: iOS 18.4, iPhone pillerini "sömürüyor" mu?
    Apple'ın yeni iOS 18.4 güncellemesi indiren kullanıcılar, iPhone'larının pilinin ışık hızıyla tükendiğinden şikayet etmeye başladı. Peki ama bu pil sorunun sebebi ne? Bu sorundan etkilendiyseniz ne yapmalısınız?
  • Windows 11 kurulumunda işler değişiyor: Tek açık kapı da kapanacak mı?
    Microsoft artık Windows 11'i yüklerken internete bağlanmanız konusunda daha da ısrarcı olacak. Böylece, Microsoft hesabı olmadan Windows 11 kurup kullanma çağı da sona eriyor.
  • vivo V50 Lite İnceleme
    vivo’nun yeni orta segment telefonu V50 Lite, 4 yıl garanti verdiği 6500 mAh’lih pili, şık ve ince formu, yüksek çözünürlüklü ve yansıma yapmayan ekranıyla tüketicilerin kalbini çalmaya aday. Uygun fiyatlı olarak sürülen bu model, fiyatının üzerinde bir performans da vadediyor.
  • Samsung Galaxy Watch'larda can sıkan sorun
    Samsung’un popüler akıllı saat modelleri Galaxy Watch 7 ve Ultra, rastgele bağlantı kesintileri ve yeniden kurulum gerektiren sıfırlama sorunlarıyla kullanıcıları zor durumda bırakıyor.