Security Awareness

• Security Awareness
  • Insider Threat
  • Password Management
  • Policies and Handbooks
  • Work Environments
  • Culture of Security
  • Organizational Change Management
• Security Awareness versus Security Training
• Security Awareness Training
• Incident Response Exercises
  • Walk-Through Exercise
  • Tabletop Exercise
  • Penetration Testing Exercise
  • Simulation Exercise
  • Checklists in Incident Response

Security Awareness

Security Awareness refers to the knowledge and understanding of potential threats. The primary goal is to equip individuals with skills to recognize security threats.

• Situational Awareness
  • Being mindful of surroundings, tasks, and potential consequences of one’s actions.
• Understand common threats
  • Awareness of various cybersecurity threats such as phishing, malware, and social engineering.
  • Understanding the methods used by attackers to exploit vulnerabilities.
• Recognize potential risks
  • Identify suspicious activities or behaviors that may indicate a security threat.
  • Awareness of red flags and warning signs of potential security breaches.
• Employ best practices
  • Adherence to cybersecurity best practices.
  • Implementation of security measures to protect sensitive information and systems.

Insider Threat

Awareness of the risk posed by individuals within an organization who may intentionally or unintentionally compromise security. Factors can include:

• Personal issues
• Financial struggles
• Dissatisfaction with the job

Investigating suspected individuals:

• Check for any risky behavior
• Mental turmoil can lead to impaired judgement
• Any illicit activities like theft or selling secrets

Incongruences

• When a person’s lifestyle doesn’t fit his profile.
• Example: Person’s annual income is $80K, but owns multiple luxury cars.
• Important to not jump into conclusions, rather investigate discreetly.

Financial Pressures

• Financial pressures make individuals susceptible to bribery.
• Organization should provide financial counseling.

Password Management

Best practices for creating strong, unique passwords and securely managing credentials.

• Using password managers to store user credentials on their computers.
• Passwords built into web browsers may not be entirely secured.
• Another option third-party tools like Bitwarden, LastPass, etc.

Policies and Handbooks

Understanding and adherence to organizational policies and procedures related to cybersecurity.

• Policy
  • Systems of rules that ensures compliance with organizational standards.
  • Guides the decisions and actions of people within the organization.

• Handbooks

  • Comprehensive guide providing guidance on security practices and protocols.
  • Cover broader areas, compared to policies which are specific.

Work Environments

Considerations for different work environments, including remote and hybrid setups.

• Remote Work
  • Security measures and protocols for remote work settings.
  • Awareness of unique security challenges associated with remote work.
• Hybrid Work
  • Security considerations for environments that combine remote and in-person work.

Culture of Security

Fostering a culture within the organization that prioritizes security and promotes awareness among employees.

• Each person is a gatekeeper of the organization’s data.
• Educating personnel is the number one priority.
• Encourage employees to report suspicious activities.

Organizational Change Management

Organizational Change Management or OCM refers to the structured approach used to manage the people side of change within an organization. OCM is essential for successful change initiatives, as it helps mitigate resistance, minimize disruptions, and maximize the benefits of the change for the organization and its employees.

Key components:

• Stakeholder Engagement

  • Communicating with stakeholders at all levels of the organization.
  • Build support for the change and address concerns.

• Change Impact Assessment

  • Assessing how the change will affect different parts of the organization.
  • Including processes, roles, and individuals.

• Communication and Training

  • Developing tailored communication plans and training programs.
  • Ensure employees understand the change and have the necessary skills to adapt.

• Change Readiness

  • Assessing the organization’s readiness for change.
  • Implementing strategies to address resistance or barriers to adoption.

• Sustainment and Reinforcement

  • Establishing mechanisms to sustain the change over time.
  • Reinforce new behaviors and ways of working.

Security Awareness versus Security Training

• Security Awareness

  • Activities aim to capture the attention of individuals in an organization.
  • Makes them conscious of security issues or concerns.

• Security training is

  • Designed to build proficiency in a set of skills or actions in security subjects.
  • It helps employees develop the skills and abilities to protect the organization from threats

Security Awareness Training

Security Awareness Training communicates expectations, responsibilities, and identifies potential risks to align information security goals with the organization’s mission and vision.

• Education
  • The objective is to enhance learners’ comprehension of concepts and their application to real-world scenarios.
• Training
  • Aims at developing proficiency in specific skills, encompassing decision-making capabilities on when and how to apply these skills, ranging from low-level to complex tasks.
• Awareness
  • Engages learners by introducing them to aspects of an issue, concern, problem, or need to capture their attention.

Incident Response Exercises

To learn more about Incident Response, please see Incident Response Plan.

Walk-Through Exercise

• Reviews each step of an incident to ensure team members know what to do.
• Confirms clarity on actions and procedures.

Tabletop Exercise

• Presenting a scenario, prompting team members to discuss and plan their responses.
• Focuses on response strategies and relevant tasks.
• Least impact on system operations - does not involve actual disruption or cost-effective.

Penetration Testing Exercise

• Actually getting people on the network.
• Simulate network intrusion based on threat scenarios.
• There’s a specific goal in mind.
• Agree on methodology and rules of engagement before performing pentests.
• To learn more, please see Penetration Testing.

Simulation Exercise

• Recreates an actual incident to thoroughly test response capabilities.
• Provides a realistic scenario to assess practical incident handling.
• Sample scenarios:
  • Phishing or ransomware
  • Multi-stage attacks
  • data breaches

Checklists in Incident Response

• Essential tools for guiding and ensuring thorough incident response.
• Not a specific exercise type but a crucial component in the response process.