Index
Note: Page numbers followed by f indicate figures.
A
Awareness program, security
  forensics and security, 141
  homemade video campaign, 86–87
  social engineering and nontechnical attacks, 126

B
Blue Cross Blue Shield of Tennessee (BCBST), 19
Breach notification laws, 20–23
Bronze Soldier of Tallinn, 11

C
Chief Information Security Officer (CISO), 100–101
Commercial security awareness training resources, 161
Computer-based training (CBT), 83
Bronze Soldier of Tallinn, 11

D
Department of Health and Human Services (DHHS), 16

E
Embedded training, 91, 139
  Chinese hackers and industrial espionage, 36
  law firm’s computer system, 36
  midlevel managers, organization, 37

F
FBI alerted law firms, 26–28
Federal Trade Commission (FTC)
  Health Breach notification rule, 180
  law enforcement officials, 188
  nation’s consumer protection agency, 181
  third-party service provider, 182

G

H
Health Insurance Portability and Accountability Act (HIPAA)
  “Health Care Law Blog”, 18
  implementation specifications, 16
  privacy and security rules, 19
HIPAA Breach Notification Rule
  unsecured protected health information and guidance, 176

I
  homemade video campaign, 86–87
  lunch and learn sessions, 85–86
Information security awareness program
  recorded presentations, 190
Information technology (IT) staff, 33, 40, 46
Instructor-led training, 81–83
  screen locking reminder card, 42, 42f
  segments and quizzes, 84–85
Internet Crime Complaint Center (IC3), FBI, 27–28

K

L
Layers, physical security

M
  in information security awareness program, 131, 136
  measurements, phishing detection, 120
  security awareness program

N
National Cyber Security Awareness Month (NCSAM), 117
Network security company, security analyst, 151–154

O
  personal and financial information
  real estate meeting, 73–74
  RFID credential stealing, 74–77

P
Payment Card Industry Data Security Standard (PCI DSS), 19–20
  network and host operating system, 58
  organization’s accounting department, 35
  spear phishing e-mail, 103
  stamp collecting e-mails, 25
  attack execution phase, 78
Planning and execution, attack
  spear phishing e-mail, 50–51
PlayStation Network (PSN), 10

R
  authorization letter, 79–80
  organizer and Proxmark3, 74, 76f
  Proxmark3 hardware, 74, 75f
  unauthorized entry prevention, 74

S
Security awareness program
  recorded presentations, 190
Security awareness training framework (SATF)
  communications/social media team, 165
  documentation/artifact team, 164
  purpose/project charter, 162
  standardized reporting metrics, 167–168
  taxonomy/classification team, 164
Security research, information security company, 135–137
Shady RAT operation, 28–29
Simulated phishing assessment
  high-level methodology, 95–96
  open-sourced software/tools, 96–98
  information gathering, 47–49
  internal phishing campaign, 136
  persuasion and deception, 45
  security awareness program
Social Engineering Defensive Framework (SEDF)
  education, employees, 55–57
  exposure determination, 53–54
  technology and policy, 57–61
Social-Engineer Toolkit (SET)
  technical tools, security awareness programs, 162
State security breach notification laws, 170–171

T
  defense and government contracting, 26
  state breach notification laws, 31
Targeted training, security, 91–92
  quarterly security awareness, 90

U
Uniform resource locator (URL), 104, 105

V
Visual learning styles, 40, 41

W
Watering hole attacks, 30–31
Web-based training (WBT), 83–85
Web resources and links, 161
Website, security awareness, 109–110
West Virginia Consumer Credit and Protection Act
  computerized personal information, 173–174
  notification procedures, 23
  security breach notice requirements, 174