The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up.
Building an Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management support for implementing the program. Author Bill Gardner is one of the founding members of the Security Awareness Training Framework. Here, he walks you through the process of developing an engaging and successful training program for your organization that will help you and your staff defend your systems, networks, mobile devices, and data.
Forewords written by Dave Kennedy and Kevin Mitnick!
- The most practical guide to setting up a Security Awareness training program in your organization
- Real world examples show you how cyber criminals commit their crimes, and what you can do to keep you and your data safe
- Learn how to propose a new program to management, and what the benefits are to staff and your company
- Find out about various types of training, the best training cycle to use, metrics for success, and methods for building an engaging and successful program
Table of contents
- Cover image
- Title page
- Table of Contents
- About the Authors
- Chapter 1: What Is a Security Awareness Program?
- Chapter 2: Threat
- Chapter 3: Cost of a Data Breach
- Chapter 4: Most Attacks Are Targeted
- Chapter 5: Who Is Responsible for Security?
- Chapter 6: Why Current Programs Don't Work
- Chapter 7: Social Engineering
- Chapter 8: Physical Security
- Chapter 9: Types of Training
- Chapter 10: The Training Cycle
Chapter 11: Creating Simulated Phishing Attacks
- Simulated Phishing Attacks
- Understanding the Human Element
- Open-Source Tool, Commercial Tool, or Vendor Performed?
- Before You Begin
- Determine Attack Objective
- Select Recipients
- Select a Type of Phishing Attack
- Composing the E-mail
- Creating the Landing Page
- Sending the E-mail
- Tracking Results
- Post Assessment Follow-up
- Chapter 12: Bringing It All Together
- Chapter 13: Measuring Effectiveness
- Chapter 14: Stories from the Front Lines
- Appendix A: Government Resources
- Appendix B: Security Awareness Tips
- Appendix C: Sample Policies
- Appendix D: Commercial Security Awareness Training Resources
- Appendix E: Other Web Resources and Links
- Security Awareness Posters
- Appendix F: Technical Tools That Can Be Used to Test Security Awareness Programs
- Appendix G: The Security Awareness Training Framework
- Appendix H: Building A Security Awareness Training Program Outline
- Appendix I: State Security Breach Notification Laws
- Appendix J: West Virginia State Breach Notification Laws, W.V. Code §§ 46A-2A-101 et seq
- Appendix K: HIPAA Breach Notification Rule
- Notification by a Business Associate
- Federal Trade Commission (FTC) Health Breach Notification Rule
- Appendix L: Complying with the FTC Health Breach Notification Rule
- Who's Covered by the Health Breach Notification Rule
- You're Not a Vendor of Personal Health Records If You're Covered by HIPAA
- Third-Party Service Provider
- What Triggers the Notification Requirement
- What to do If a Breach Occurs
- Who You Must Notify and When You Must Notify Them
- How to Notify People
- What Information to Include
- Answers to Questions About the Health Breach Notification Rule
- We’re an HIPAA Business Associate, But We Also Offer Personal Health Record Services to the Public. Which Rule Applies to Us?
- What’s The Penalty for Violating the FTC Health Breach Notification Rule?
- Law Enforcement Officials Have Asked us to Delay Notifying People About the Breach. Whatshould we Do?
- Where Can I Learn More ABout the FTC Health Breach Notification Rule? Visit www.ftc.gov/healthbreach.
- Your Opportunity to Comment
- Appendix L: Information Security Conferences
- Appendix M: Recorded Presentations on How to Build an Information Security Awareness Program
- Appendix N: Articles on How to Build an Information Security Awareness Program
- Title: Building an Information Security Awareness Program
- Release date: August 2014
- Publisher(s): Syngress
- ISBN: 9780124199811
You might also like
Head First Design Patterns, 2nd Edition
You know you don’t want to reinvent the wheel, so you look to design patterns—the lessons …
Ethical Hacking and Penetration Testing Guide
Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to …
Transformational Security Awareness
Expert guidance on the art and science of driving secure behaviors Transformational Security Awareness empowers security …
Building Microservices, 2nd Edition
Distributed systems have become more fine-grained as organizations shift from code-heavy monolithic applications to smaller, self-contained …