Griffith University
Instructor: Hui Tian
Mod 4-2
Cyber Security Awareness Improvement
Social Engineering and Security Awareness

Objectives
– Learn how to measure cyber awareness
– Identify key things in a well-designed cybersecurity awareness training program
– Develop a cyber awareness measurement questionnaire / an AUP with BYOD and WFH in consideration

Case Study Part 2:
As a security officer, you need to make a "cyber security awareness improvement plan" for "The Good Guys". A well-designed questionnaire for measuring cyber security awareness and a well-designed AUP are both key components in improving cyber security awareness efficiently, and they contribute to a safe cyber environment in your company with the best effort from everyone.

Security Awareness Improvement
– Use a well-designed questionnaire to measure a person's security awareness
– Enforce Acceptable Usage Policies (AUPs)
– Google "phishing" images and use in training
– Some companies move away from email, use groupware like Microsoft SharePoint
– Use email proxies to stop phishing attacks before reaching endpoints
– Design secure systems asking for identification and authorization
– Policy state: employees do not confront suspects, but escalate suspicious people to security guard
Don't just train, create a security awareness culture change

Human Aspects of Cybersecurity Questionnaire – Design Paradigm
• An empirically validated survey instrument to assess the information security awareness (ISA) of employees
• Establishes areas where training and ISA programs need improvement
http://www.sciencedirect.com/science/article/pii/S0167404817300081
1. Pwd management
2. Email use
3. Internet use
4. Social media use
5. Mobile devices
6. Information handling
7. Incident reporting
AIM: Develop an Adaptive Control Framework (ACF) to provide effective methods to communicate, educate and positively influence employees to improve their security awareness & behavior.

Information Security (InfoSec) Awareness
• What is it?
• How to "measure" it?
What a computer user knows about behaving safely when using a computer (Knowledge)
What a computer user thinks about having to behave appropriately (Attitude)
What a computer user says they do (Behaviour)

Information Security Awareness
• Designed for relevant people in your org
• Cover all 7 domains as HAIS-Q-paper
• Measure from aspects of knowledge, attitude and behavior
• Come with a scoring standard and the description about the scoring range

HAIS-Q Behaviours (Good, Bad, Neutral)
• Use same password for everything
• Click on links in dodgy emails
• Leave a work computer unattended
• Post sensitive info. on social media websites
• Not consider the negative consequence when posting on a social network site
• Sending work email using secure networks only
• Work on a mobile device using public Wi-Fi
• Insert foreign USB into work computer
• Do not report security incidents at work
• ……

Report requirement for Case Study
• 1. Title (followed by your name and student ID)
• 2. Executive Summary
• 3.1 Case description
• 3.2 Security Operations (Choose two out of 3 topics)
– Part 1: Privacy Impact Assessment
– Part 2: Design a questionnaire (2905ICT) / Design an AUP policy (7905ICT)
– Part 3: Risk Management and Governance
• 4. Conclusion and Reflection

Resources
• AUP template 1-Acme.pdf at course site
• https://www.sciencedirect.com/science/article/pii/S0167404817300081