Building an information security awareness program defending against social engineering and technical threats

The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Securi...

Bibliographic Details
Other Authors: Gardner, Bill, author; Thomas, Valérie, author
Format: E-book
Language: English
Published: Waltham, Massachusetts : Elsevier 2014.
Edition: 1st ed
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629303306719
Table of Contents:
  • Front Cover ; Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats ; Copyright ; Dedications ; Contents ; Forewords ; Preface ; About the Authors ; Acknowledgments ; Chapter 1: What Is a Security Awareness Program? ; Introduction ; Policy Development ; Policy Enforcement ; Cost Savings ; Production Increases ; Management Buy-In ; Notes ; Chapter 2: Threat ; The Motivations of Online Attackers ; Money ; Industrial Espionage/Trade Secrets ; Hacktivism ; Cyber War ; Bragging Rights ; Notes ; Chapter 3: Cost of a Data Breach
  • Ponemon Institute ; HIPAA ; The Payment Card Industry Data Security Standard (PCI DSS) ; State Breach Notification Laws ; Notes ; Chapter 4: Most Attacks Are Targeted ; Targeted Attacks ; Recent Targeted Attacks ; Targeted Attacks Against Law Firms ; Operation Shady Rat ; Operation Aurora ; Night Dragon ; Watering Hole Attacks ; Common Attack Vectors: Common Results ; Notes ; Chapter 5: Who Is Responsible for Security? ; Information Technology (IT) Staff ; The Security Team ; The Receptionist ; The CEO ; Accounting ; The Mailroom/Copy Center ; The Runner/Courier
  • Everyone Is Responsible for Security ; Notes ; Chapter 6: Why Current Programs Don't Work ; The Lecture Is Dead as a Teaching Tool ; The Seven Learning Styles ; Notes ; Chapter 7: Social Engineering ; What Is Social Engineering? ; Who Are Social Engineers? ; Why Does It Work? ; How Does It Work? ; Information Gathering ; The Company Website ; Social Media ; Search Engines ; The Dumpster ; The Popular Lunch Spot ; Attack Planning and Execution ; Jerry the Attacker ; The Spear Phishing E-mail ; Hello, Help Desk? ; The Social Engineering Defensive Framework (SEDF) ; Determine Exposure
  • Evaluate Defenses Employees ; Defenders ; Educate Employees ; Streamline Existing Technology and Policy ; Planning a Tabletop Exercise ; The Design Phase ; The Execution Phase ; The After-action Phase ; Preventative Tips ; Putting It All Together ; Where can I Learn More About Social Engineering? ; Notes ; Chapter 8: Physical Security; What Is Physical Security? ; Outer Perimeter Security ; Inner Perimeter Security ; Interior Security ; Physical Security Layers ; Deterrence ; Control ; Detection ; Identification ; Threats to Physical Security
  • Why Physical Security Is Important to an Awareness Program ; How Physical Attacks Work ; Reconnaissance ; Off-site Reconnaissance ; Maps ; The Company Website ; Additional Sources ; On-Site Reconnaissance ; Surveillance ; Real Estate Meeting ; RFID Credential Stealing ; Attack Planning ; Attack Execution ; Minimizing the Risk of Physical Attacks ; Preparing for a Physical Assessment ; Set an Objective ; Declare Off-Limits Areas ; Schedule ; Authorization Letter ; Can't Afford a Physical Security Assessment? ; Notes ; Chapter 9: Types of Training ; Training Types ; Formal Training
  • In-Person Training