Building an Information Security Awareness Program
by Valerie Thomas, Bill Gardner
Title page
Table of Contents
Copyright
Dedications
Forewords
Preface
About the Authors
Acknowledgments
Chapter 1: What Is a Security Awareness Program?
Abstract
Introduction
Policy Development
Policy Enforcement
Cost Savings
Production Increases
Management Buy-In
Chapter 2: Threat
Abstract
The Motivations of Online Attackers
Money
Industrial Espionage/Trade Secrets
Hacktivism
Cyber War
Bragging Rights
Chapter 3: Cost of a Data Breach
Abstract
Ponemon Institute
HIPAA
The Payment Card Industry Data Security Standard (PCI DSS)
State Breach Notification Laws
Chapter 4: Most Attacks Are Targeted
Abstract
Targeted Attacks
Recent Targeted Attacks
Targeted Attacks Against Law Firms
Operation Shady RAT
Operation Aurora
Night Dragon
Watering Hole Attacks
Common Attack Vectors: Common Results
Chapter 5: Who Is Responsible for Security?
Abstract
Information Technology (IT) Staff
The Security Team
The Receptionist
The CEO
Accounting
The Mailroom/Copy Center
The Runner/Courier
Everyone Is Responsible For Security
Chapter 6: Why Current Programs Don't Work
Abstract
The Lecture is Dead as a Teaching Tool
Chapter 7: Social Engineering
Abstract
What is Social Engineering?
Who are Social Engineers?
Why Does It Work?
How Does It Work?
Information Gathering
Attack Planning and Execution
The Social Engineering Defensive Framework (SEDF)
Where Can I Learn More About Social Engineering?
Chapter 8: Physical Security
Abstract
What is Physical Security?
Physical Security Layers
Threats to Physical Security
Why Physical Security is Important to an Awareness Program
How Physical Attacks Work
Minimizing the Risk of Physical Attacks
Chapter 9: Types of Training
Abstract
Training Types
Formal Training
Informal Training
Chapter 10: The Training Cycle
Abstract
The Training Cycle
New Hire
Quarterly
Biannual
Continual
Point of Failure
Targeted Training
Sample Training Cycles
Adjusting Your Training Cycle
Chapter 11: Creating Simulated Phishing Attacks
Abstract
Simulated Phishing Attacks
Understanding the Human Element
Methodology
Open-Source Tool, Commercial Tool, or Vendor Performed?
Before You Begin
Determine Attack Objective
Select Recipients
Select a Type of Phishing Attack
Composing the E-mail
Creating the Landing Page
Sending the E-mail
Tracking Results
Post Assessment Follow-up
Chapter 12: Bringing It All Together
Abstract
Create a Security Awareness Website
Sample Plans
Promoting Your Awareness Program
Chapter 13: Measuring Effectiveness
Abstract
Measuring Effectiveness
Measurements vs. Metrics
Creating Metrics
Additional Measurements
Reporting Metrics
Chapter 14: Stories from the Front Lines
Abstract
Phil Grimes
Amanda Berlin
Jimmy Vo
Security Research at Large Information Security Company
Harry Regan
Tess Schrodinger
Security Analyst at a Network Security Company
Ernie Hayden
Appendices
Appendix A: Government Resources
Appendix B: Security Awareness Tips
Appendix C: Sample Policies
Appendix D: Commercial Security Awareness Training Resources
Appendix E: Other Web Resources and Links
Security Awareness Posters
Appendix F: Technical Tools That Can Be Used to Test Security Awareness Programs
Appendix G: The Security Awareness Training Framework
Appendix H: Building A Security Awareness Training Program Outline
Appendix I: State Security Breach Notification Laws
Appendix J: West Virginia State Breach Notification Laws, W.V. Code §§ 46A-2A-101 et seq
Appendix K: HIPAA Breach Notification Rule
Notification by a Business Associate
Federal Trade Commission (FTC) Health Breach Notification Rule
Appendix L: Complying with the FTC Health Breach Notification Rule
Who's Covered by the Health Breach Notification Rule
You're Not a Vendor of Personal Health Records If You're Covered by HIPAA
Third-Party Service Provider
What Triggers the Notification Requirement
What to do If a Breach Occurs
Who You Must Notify and When You Must Notify Them
How to Notify People
What Information to Include
Answers to Questions About the Health Breach Notification Rule
We’re a HIPAA Business Associate, But We Also Offer Personal Health Record Services to the Public. Which Rule Applies to Us?
What’s the Penalty for Violating the FTC Health Breach Notification Rule?
Law Enforcement Officials Have Asked Us to Delay Notifying People About the Breach. What Should We Do?
Where Can I Learn More About the FTC Health Breach Notification Rule? Visit www.ftc.gov/healthbreach.
Your Opportunity to Comment
Appendix L: Information Security Conferences
Appendix M: Recorded Presentations on How to Build an Information Security Awareness Program
Appendix N: Articles on How to Build an Information Security Awareness Program