
2017 | Book

Advanced Persistent Training

Take Your Security Awareness Program to the Next Level


About this book

Gain greater compliance with corporate training by addressing the heart of the awareness vs. compliance problem: people are human. People have incredible strengths and incredible weaknesses, and as an Information Security professional, you need to recognize both and devise training strategies that take advantage of them. This concise book introduces two such strategies which, combined, can take a security awareness program to the next level of effectiveness, retention, compliance, and maturity.
Security policies and procedures are often inconvenient, technically complex, and hard to understand. Advanced Persistent Training provides numerous tips from a wide range of disciplines for handling these especially difficult situations.

Many information security professionals are required by regulation or policy to provide security awareness training within the companies they work for, but many believe that the resulting low compliance with training does not outweigh the costs of delivering that training. There are also many who believe that this training is crucial, if only it could be more effective.
What you will learn:
Present awareness materials all year round in a way that people will really listen to.
Implement a "behavior-first" approach to teaching security awareness.
Adopt gamification the right way, even for people who hate games.
Use tips from security awareness leaders addressing the same problems you face.

Who this book is for
Security awareness professionals or IT Security professionals who are tasked with teaching security awareness within their organization.

Table of contents

Frontmatter
Chapter 1. Challenges Faced by Organizations
Abstract
Security awareness programs are wonderful: managers wonder why users fail password audits, awareness trainers wonder why they have to constantly remind people not to reuse their passwords for different accounts, and users wonder why they have to sit through yet another presentation telling them to craft unique passwords for each account. The information in a typical security awareness program is often well-known, yet organizations still have to deal with the very real risks that result from people not following or understanding the awareness material.
Jordan Schroeder
Chapter 2. Active Feedback
Abstract
There are popular information security catchphrases that attempt to make a comparison between patching systems and patching people (or even patching stupidity). While it is certainly possible to implement strategies, systems, and techniques that can result in sudden changes to people’s habits, it is tempting to take the concept too far and see people as systems that can be “fixed” once and for all. But, people do not work that way. Patching software rewrites the underlying code of a system so that the system consistently behaves in a certain way. Getting people to want to change their habits, on the other hand, is a subtle process that works over time, and it is not an exact science.
Jordan Schroeder
Chapter 3. Behavioral Modification
Abstract
Just like gamification, the term behavioral modification can get negative reactions. It can be associated with animal training, and it can be associated with B. F. Skinner (the father of behaviorism), who has the unfortunate and unfounded reputation for having raised his daughter in a so-called Skinner box to perform conditioning experiments. This is entirely untrue, but the urban legend remains. It is also difficult to use the term behavioral modification with the people you want to train. Phrases using some variation of “change your behavior” have connotations related to parenting, so it is usually best to avoid those phrases altogether. Something like “changing your habits” is a much easier phrase to use, with fewer negative connotations. However, in this chapter, I will use the term behavior so that the wording aligns with the various sources being cited.
Jordan Schroeder
Chapter 4. Persistent Training
Abstract
Persistent training is a process where you train and test users with an ongoing process of simulations and supplemental training material. Simulated phishing, social engineering tests, and requests made through the ticketing system to do something against policy are all forms of tests that can be used for the purposes of persistent training. The goal, of course, is not to see whether users will fail the test but rather to present an opportunity to exercise the users’ training and to follow up with supplemental training if users fail.
Jordan Schroeder
Chapter 5. Metrics and Measures
Abstract
Every security initiative, including awareness programs, should be collecting metrics so that the effect of the program can be understood and the impacts of changes to the program can be tracked. Unlike measuring technical controls, measuring the effects of a security awareness program can be tricky, and as a result, few trainers track the long-term effectiveness of their awareness programs (Ponemon-SATrends-2014). According to a 2014 Ponemon study, the most common methods organizations use to track training impact are to measure the user's knowledge right after training or to run user satisfaction surveys. While these metrics can be useful and easy to collect and measure over time, there are many other metrics that could also be considered. Unfortunately, not all metrics can be objectively measured, and the leaders of each organization need to determine which metrics will be informative for them in their unique situation. This makes defining and collecting metrics a mix of art and science. Despite the subjective nature of the problem, there are methods of gathering useful metrics that your organization can use to track the ongoing effectiveness of your security awareness program.
Jordan Schroeder
Chapter 6. Pro Tips
Abstract
The workforce demographics in the West are rapidly changing, and those changes will impact how security personnel and awareness trainers need to communicate with users.
Jordan Schroeder
Chapter 7. Security Culture
Abstract
Up to this point, we have been looking at the best ways to support individuals in learning how to secure themselves and their organizations using proven education techniques applied at scale. But how does a security awareness professional tackle the challenge of changing how the organization values security awareness? What happens when the organization is happy to learn and do what you teach them, but only at a bare minimum? How do you get the people in your organization to actually care about security?
Jordan Schroeder
Chapter 8. Take Your Program to the Next Level
Abstract
Security awareness programs can be wonderfully challenging, but the benefits of a truly effective awareness program are worth every bit of effort. Security awareness programs do not need to be 100 percent effective, and they never will be, because each incident involves a fallible human making a choice in the moment. Our jobs as trainers are to equip each person for that moment of decision and to support them afterward, regardless of the outcome. Doing this, we can reach new levels of effectiveness, retention, compliance, and maturity for our security awareness programs.
Jordan Schroeder
Backmatter
Metadata
Title
Advanced Persistent Training
Author
Jordan Schroeder
Copyright year
2017
Publisher
Apress
Electronic ISBN
978-1-4842-2835-7
Print ISBN
978-1-4842-2834-0
DOI
https://doi.org/10.1007/978-1-4842-2835-7