Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats

Bill Gardner

Language: English

Pages: 214

ISBN: 0124199674

Format: PDF / Kindle (mobi) / ePub

The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Information Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up.

Building an Information Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management support for implementing the program. Author Bill Gardner is one of the founding members of the Security Awareness Training Framework. Here, he walks you through the process of developing an engaging and successful training program for your organization that will help you and your staff defend your systems, networks, mobile devices, and data.

Forewords written by Dave Kennedy and Kevin Mitnick!

  • The most practical guide to setting up a Security Awareness training program in your organization
  • Real-world examples show you how cyber criminals commit their crimes, and what you can do to keep yourself and your data safe
  • Learn how to propose a new program to management, and what the benefits are to staff and your company
  • Find out about various types of training, the best training cycle to use, metrics for success, and methods for building an engaging and successful program

These pieces of personal information also provide an attacker with potential attack vectors for infecting the victim's computer; more about that later. To a social engineer, LinkedIn is a shopping list for targets. The granular search options allow for filters such as current employer, previous employer, physical location, industry, and more. Want to know who works in the engineering department of your target company? No problem. With a premium LinkedIn account and a few tailored searches, you can

6 in. Positioning the disguised Proxmark3 within 6 in. of a person's ID card is fairly difficult, even in highly populated areas. To solve this problem, employees at Bishop Fox created a Long-range RFID Stealer [4]. The design utilizes a long-range RFID card reader, as shown in Figure 8.8.

Figure 8.8 Commercial long-range RFID reader.

The designers modified the device to include stand-alone power, data storage, and display features (Figure 8.9).

Figure 8.9 Bishop Fox Long-range RFID Stealer.

Evaluations, such as quizzes, are usually completed after content delivery to assess the employee's understanding and retention of the presented material.

In-Person Training

In-person training, or instructor-led training, is considered a traditional approach in training techniques. Typically, this includes the use of slideshows that are custom-built for the target audience. However, it does not need to be limited to slideshows alone. Other delivery methods can be used to convey material

Sending the E-mail Tracking Results Post Assessment Follow-up

Chapter 12: Bringing It All Together Abstract Create a Security Awareness Website Sample Plans Promoting Your Awareness Program

Chapter 13: Measuring Effectiveness Abstract Measuring Effectiveness Measurements vs. Metrics Creating Metrics Additional Measurements Reporting Metrics

Chapter 14: Stories from the Front Lines Abstract Phil Grimes Amanda Berlin Jimmy Vo Security Research at Large Information Security

but so often you feel like no one is listening to you so I didn't think much of it. I had to smile when they replied with a “test” saying they'd be happy to get that information to me but they wanted to make sure I was who I said I was so would I please tell them my son's name. I don't have a son, I have a daughter so I smiled and replied to them with the correct information and ALSO corrected another comment they had made about my boyfriend who was overseas at the time as they knew where he was
