Security Awareness For Dummies

MAKE SECURITY A PRIORITY ON YOUR TEAM

Every organization needs a strong security program. One recent study estimated that a hacker attack occurs somewhere every 37 seconds. Since security programs are only as effective as a team’s willingness to follow their rules and protocols, it’s increasingly necessary to have not just a widely accessible gold standard of security, but also a practical plan for rolling it out and getting others on board with following it. Security Awareness For Dummies gives you the blueprint for implementing this sort of holistic and hyper-secure program in your organization.

Written by one of the world’s most influential security professionals—and an Information Systems Security Association Hall of Famer—this pragmatic and easy-to-follow book provides a framework for creating new and highly effective awareness programs from scratch, as well as steps to take to improve on existing ones. It also covers how to measure and evaluate the success of your program and highlight its value to management.

* Customize and create your own program
* Make employees aware of the importance of security
* Develop metrics for success
* Follow industry-specific sample programs

Cyberattacks aren’t going away anytime soon: get this smart, friendly guide on how to get a workgroup on board with their role in security and save your organization big money in the long run.

Introduction 1

PART 1: GETTING TO KNOW SECURITY AWARENESS 5

Chapter 1: Knowing How Security Awareness Programs Work 7

Chapter 2: Starting On the Right Foot: Avoiding What Doesn’t Work 19

Chapter 3: Applying the Science Behind Human Behavior and Risk Management 33

PART 2: BUILDING A SECURITY AWARENESS PROGRAM 51

Chapter 4: Creating a Security Awareness Strategy 53

Chapter 5: Determining Culture and Business Drivers 61

Chapter 6: Choosing What to Tell The Users 75

Chapter 7: Choosing the Best Tools for the Job 89

Chapter 8: Measuring Performance 107

PART 3: PUTTING YOUR SECURITY AWARENESS PROGRAM INTO ACTION 119

Chapter 9: Assembling Your Security Awareness Program 121

Chapter 10: Running Your Security Awareness Program 143

Chapter 11: Implementing Gamification 165

Chapter 12: Running Phishing Simulation Campaigns 181

PART 4: THE PART OF TENS 207

Chapter 13: Ten Ways to Win Support for Your Awareness Program 209

Chapter 14: Ten Ways to Make Friends and Influence People 215

Chapter 15: Ten Fundamental Awareness Topics 221

Chapter 16: Ten Helpful Security Awareness Resources 227

Appendix: Sample Questionnaire 233

Index 253