book

Security Awareness For Dummies

by Ira Winkler

May 2022

Beginner

288 pages

7h 23m

English

For Dummies

Audiobook available

Read now

Unlock full access

Copyright
About This BookFoolish AssumptionsIcons Used in This BookBeyond the BookWhere to Go from Here
Understanding the Benefits of Security AwarenessKnowing How Security Awareness Programs WorkRecognizing the Role of Awareness within a Security ProgramDisputing the Myth of the Human Firewall
Making a Case Beyond Compliance StandardsTreating Compliance as a MustLimiting the Popular Awareness TheoriesDistinguishing Social Engineering from Security AwarenessAddressing Mental Models That Don’t WorkMaking Perfection the Stated GoalMeasuring from the StartPrioritizing Program Over ProductChoosing Substance Over StyleUnderstanding the Role of Security Awareness
Achieving Common Sense through Common KnowledgeBorrowing Ideas from Safety ScienceApplying Accounting Practices to Security AwarenessApplying the ABCs of AwarenessBenefiting from Group PsychologyRemembering That It’s All About Risk
Identifying the Components of an Awareness ProgramFiguring Out How to Pay for It All
Understanding Your Organization’s CultureIdentifying SubculturesInterviewing StakeholdersPartnering with Other Departments

Basing Topics on Business DriversIncorporating Personal Awareness TopicsMotivating Users to Do Things “Right”Common Topics Covered in Security Awareness Programs
Identifying Security AmbassadorsKnowing the Two Types of Communications ToolsExploring Your Communications Arsenal
Knowing the Hidden Cost of Awareness EffortsMeeting Compliance RequirementsCollecting Engagement MetricsMeasuring Improved BehaviorDemonstrating a Tangible Return on InvestmentRecognizing Intangible Benefits of Security AwarenessKnowing Where You Started: Day 0 Metrics
Knowing Your BudgetChoosing to Implement One Program or Multiple ProgramsGaining Support from ManagementDevising a Quarterly Delivery StrategyDeciding Whether to Include Phishing SimulationsPlanning Which Metrics to Collect and WhenBranding Your Security Awareness Program
Nailing the LogisticsGetting All Required ApprovalsGetting the Most from Day 0 MetricsCreating Meaningful ReportsReevaluating Your ProgramRedesigning Your ProgramConsidering Breaking News and Incidents
Understanding GamificationIdentifying the Four Attributes of GamificationFiguring Out Where to Gamify AwarenessExamining Some Tactical Gamification ExamplesPutting Together a Gamification ProgramPromoting the Program
Knowing Why Phishing Simulations MatterSetting Goals for Your Phishing ProgramPlanning a Phishing ProgramChoosing a Phishing ToolImplementing a Phishing Simulation ProgramRunning a Phishing SimulationTracking Metrics and Identifying TrendsDealing with Repeat OffendersManagement Reporting
Finding Yourself a ChampionSetting the Right ExpectationsAddressing Business ConcernsCreating an Executive ProgramStarting Small and SimpleFinding a Problem to SolveEstablishing CredibilityHighlighting Actual IncidentsBeing ResponsiveLooking for Similar Programs
Garnering Active Executive SupportCourting the Organization’s InfluencersSupporting Another Project That Has SupportChoosing Topics Important to IndividualsHaving Some Fun EventsDon’t Promise PerfectionDon’t Overdo the FUD FactorScoring an Early WinUsing Real GamificationIntegrating the Organization’s Mission Statement
PhishingBusiness Email CompromiseMobile Device SecurityHome Network and Computer SecurityPassword SecuritySocial Media SecurityPhysical SecurityMalware and RansomwareSocial EngineeringIt Can Happen to You
Security Awareness Special Interest GroupCybSafe Research LibraryCybersecurity Culture GuidelinesRSA Conference LibraryYou Can Stop StupidThe Work of Sydney DekkerHuman Factors Knowledge AreaPeople-Centric SecurityHuman Security Engineering ConsortiumHow to Run a Security Awareness Program Course
Questions for the CISO or Similar PositionQuestions for All EmployeesQuestions for the HR DepartmentQuestions for the Legal DepartmentQuestions for the Communications DepartmentQuestions Regarding the Appropriate Person for Physical Security

Content preview from Security Awareness For Dummies

Chapter 12

Running Phishing Simulation Campaigns

IN THIS CHAPTER

Setting goals for your campaigns

Planning the infrastructure

Putting the infrastructure in place

Configuring the simulations

Performing the actual tests

Dealing with those who can’t stop clicking

Reporting your results

This chapter cover the basics of running a phishing simulation. A phishing simulation (frequently referred to as an assessment, a test, or a campaign) isn’t a mandatory part of a security awareness program, but it is extremely common and is standard for just about all enterprise awareness programs. A phishing simulation is a legitimate component of any awareness program because a phishing attack is the most common type of cybersecurity attack used to target users.

Like all security countermeasures, the ...