Chapter 1: What Is a Security Awareness Program?
The Motivations of Online Attackers
Industrial Espionage/Trade Secrets
Chapter 3: Cost of a Data Breach
The Payment Card Industry Data Security Standard (PCI DSS)
State Breach Notification Laws
Chapter 4: Most Attacks Are Targeted
Targeted Attacks Against Law Firms
Common Attack Vectors: Common Results
Chapter 5: Who Is Responsible for Security?
Information Technology (IT) Staff
Everyone Is Responsible For Security
Chapter 6: Why Current Programs Don't Work
The Lecture is Dead as a Teaching Tool
The Social Engineering Defensive Framework (SEDF)
Where Can I Learn More About Social Engineering?
Why Physical Security is Important to an Awareness Program
Minimizing the Risk of Physical Attacks
Chapter 10: The Training Cycle
Chapter 11: Creating Simulated Phishing Attacks
Understanding the Human Element
Open-Source Tool, Commercial Tool, or Vendor Performed?
Select a Type of Phishing Attack
Chapter 12: Bringing It All Together
Create a Security Awareness Website
Promoting Your Awareness Program
Chapter 13: Measuring Effectiveness
Chapter 14: Stories from the Front Lines
Security Research at Large Information Security Company
Appendix A: Government Resources
Appendix B: Security Awareness Tips
Appendix D: Commercial Security Awareness Training Resources
Appendix E: Other Web Resources and Links
Appendix F: Technical Tools That Can Be Used to Test Security Awareness Programs
Appendix G: The Security Awareness Training Framework
Appendix H: Building A Security Awareness Training Program Outline
Appendix I: State Security Breach Notification Laws
Appendix J: West Virginia State Breach Notification Laws, W.V. Code §§ 46A-2A-101 et seq.
Appendix K: HIPAA Breach Notification Rule
Notification by a Business Associate
Federal Trade Commission (FTC) Health Breach Notification Rule
Appendix L: Complying with the FTC Health Breach Notification Rule
Who's Covered by the Health Breach Notification Rule
You're Not a Vendor of Personal Health Records If You're Covered by HIPAA
What Triggers the Notification Requirement
Who You Must Notify and When You Must Notify Them
Answers to Questions About the Health Breach Notification Rule
What’s The Penalty for Violating the FTC Health Breach Notification Rule?
Appendix L: Information Security Conferences
Appendix M: Recorded Presentations on How to Build an Information Security Awareness Program
Appendix N: Articles on How to Build an Information Security Awareness Program