Questions tagged [awareness]

26 questions
69 votes, 7 answers

Which topics should a security training for non-IT persons contain?

(I am not sure, if this question fits the security.stackexchange-board, but the list of askable topics does not exclude this question imho and there are some examples) I've worked for several different companies of which some had outsourced their…
hamena314
22 votes, 3 answers

Should corporate security training be tailored based on a users' job role?

I work in the Information Security team at my workplace. We work in the insurance and healthcare industry and work frequently with customer credit card, financial, and private health data. Today I was meeting with security management to plan for…
Anthony
16 votes, 8 answers

How to make people report incidents?

I would like to know how you make employees report incidents. Incident reports are a key element of an ISMS. No reports = No discovery of the incident = High chance things go out of control. We have a kind of game: people can give red cards to each…
13 votes, 5 answers

End user security awareness measurement

Apart from the conventional email phishing tests, what other security Key Performance Indicators can be used to measure end user security awareness in an Organization? Looking at the SANS critical security control #9: 9.4 Validate and improve…
AdnanG
11 votes, 4 answers

How can I convince my communication partner to use encryption in everyday life?

The latest developments made it very clear, how easily basically all communication channels can be wiretapped. However, I think most people still ignore this fact. Especially in business most confidential information is still sent totally…
n1000
7 votes, 4 answers

Why should small and medium-sized businesses care about security?

Pretext I'm not a security expert, just a web dev with an interest in "security". I've been tasked by my employer with giving an internal talk on security (specifically web application security) and why it is important for SMBs. Reflecting on my…
jgxvx
6 votes, 2 answers

How to explain importance of security & privacy to a layman?

Often I come across people who don't understand the importance of security or privacy. They are careless and many times they will quote some nonsense, like: 'I have nothing to hide...' etc. What is the best approach of explaining to them, why is…
Mirsad
6 votes, 1 answer

Is online security training effective?

I'm looking at an organization that requires that all employees undergo an annual one-hour online cybersecurity training (watch a video and take a quiz, apparently built using SANS's end-user security awareness training). Is there any evidence on…
D.W.
6 votes, 1 answer

UK or EU regulations that require Security Awareness Training

I was completing a survey of the various regulations and standards that require Privacy or Security Awareness training, and have compiled the following list from various sources: FEDERAL LAWS AND REGULATIONS HIPAA GLBA FISMA FTC Red Flags…
schroeder
5 votes, 3 answers

What are good proof-of-concept implementations for general security awareness training?

I will be giving a presentation on "cyber security" to a school class of 16 year olds and want to show them how network security works, how important privacy is (and why it matters) and how to protect oneself online. Apart from (static) general…
John D
5 votes, 3 answers

Ideas to build security awareness

It has been claimed that "the weakest factor in security is the humans". Unfortunately this is a weak link we cannot cut away so we have to deal with it. I need ideas to help build inherently security awareness in an organization. I had a few ideas…
Chris Dale
5 votes, 1 answer

Is it wise to show the "e-mail has been scanned by XYZ antivirus" in e-mails footer?

It is a common practice to append the "antivirus footers" to emails, e.g.: Scanned by ClamAV or This email has been scanned by the XYZ Email Security service There are many opinions about it, some say that it allows a potential attacker to choose…
boleslaw.smialy
4 votes, 2 answers

How concerned should we be about RFID skimming?

I've heard/read several pentesting stories where the pentesters clone RFID badges. I've also seen some articles saying RFID skimming is a negligibly small problem. The RFID skimming I'm talking about is where someone walks up to you to skim your…
ChocolateOverflow
3 votes, 1 answer

Best way to prevent phishing by turning off HTML links

Phishing attacks are very common nowadays. Innocent victims click on suspicious links in emails and get infected. I know that to prevent phishing, one of the ways is to educate users on the proper usage of emails and preventive measures. However, my…
Pang Ser Lark
2 votes, 3 answers

Security coding training best approach

To train the development team, there are various options one can take: inhouse presentation with code samples, CBTs so developers do it at their best time, instructor-led courses onsite or inhouse (expensive), using knowledge bases like…
Goli E