Building an information security awareness program : defending against social engineering and technical threats / Bill Gardner, Valerie Thomas.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Gardner, Bill, author.
Thomas, Valérie, author.
Language:
English
Subjects (All):
Information storage and retrieval systems--Security measures.
Information storage and retrieval systems.
Occupational training.
Online social networks--Security measures.
Online social networks.
Safety education.
Situational awareness.
Physical Description:
1 online resource (215 p.)
Edition:
1st ed.
Place of Publication:
Waltham, Massachusetts : Elsevier, 2014.
Language Note:
English
System Details:
text file
Summary:
The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up. Building an Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management sup
Contents:
Front Cover ; Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats ; Copyright ; Dedications ; Contents ; Forewords ; Preface ; About the Authors ; Acknowledgments ; Chapter 1: What Is a Security Awareness Program? ; Introduction ; Policy Development ; Policy Enforcement ; Cost Savings ; Production Increases ; Management Buy-In ; Notes ; Chapter 2: Threat ; The Motivations of Online Attackers ; Money ; Industrial Espionage/Trade Secrets ; Hacktivism ; Cyber War ; Bragging Rights ; Notes ; Chapter 3: Cost of a Data Breach ;
Ponemon Institute ; HIPAA ; The Payment Card Industry Data Security Standard (PCI DSS) ; State Breach Notification Laws ; Notes ; Chapter 4: Most Attacks Are Targeted ; Targeted Attacks ; Recent Targeted Attacks ; Targeted Attacks Against Law Firms ; Operation Shady Rat ; Operation Aurora ; Night Dragon ; Watering Hole Attacks ; Common Attack Vectors: Common Results ; Notes ; Chapter 5: Who Is Responsible for Security? ; Information Technology (IT) Staff ; The Security Team ; The Receptionist ; The CEO ; Accounting ; The Mailroom/Copy Center ; The Runner/Courier ;
Everyone Is Responsible for Security ; Notes ; Chapter 6: Why Current Programs Don't Work ; The Lecture Is Dead as a Teaching Tool ; The Seven Learning Styles ; Notes ; Chapter 7: Social Engineering ; What Is Social Engineering? ; Who Are Social Engineers? ; Why Does It Work? ; How Does It Work? ; Information Gathering ; The Company Website ; Social Media ; Search Engines ; The Dumpster ; The Popular Lunch Spot ; Attack Planning and Execution ; Jerry the Attacker ; The Spear Phishing E-mail ; Hello, Help Desk? ; The Social Engineering Defensive Framework (SEDF) ; Determine Exposure ;
Evaluate Defenses ; Employees ; Defenders ; Educate Employees ; Streamline Existing Technology and Policy ; Planning a Tabletop Exercise ; The Design Phase ; The Execution Phase ; The After-action Phase ; Preventative Tips ; Putting It All Together ; Where can I Learn More About Social Engineering? ; Notes ; Chapter 8: Physical Security ; What Is Physical Security? ; Outer Perimeter Security ; Inner Perimeter Security ; Interior Security ; Physical Security Layers ; Deterrence ; Control ; Detection ; Identification ; Threats to Physical Security ;
Why Physical Security Is Important to an Awareness Program ; How Physical Attacks Work ; Reconnaissance ; Off-site Reconnaissance ; Maps ; The Company Website ; Additional Sources ; On-Site Reconnaissance ; Surveillance ; Real Estate Meeting ; RFID Credential Stealing ; Attack Planning ; Attack Execution ; Minimizing the Risk of Physical Attacks ; Preparing for a Physical Assessment ; Set an Objective ; Declare Off-Limits Areas ; Schedule ; Authorization Letter ; Can't Afford a Physical Security Assessment? ; Notes ; Chapter 9: Types of Training ; Training Types ; Formal Training ;
In-Person Training
Notes:
Includes index.
Includes bibliographical references and index.
Description based on online resource; title from PDF title page (ebrary, viewed August 27, 2014).
ISBN:
9780124199811
012419981X
OCLC:
890704238
