SECURITY AWARENESS
DSA 102 LESSON 1 INTRODUCTION TO SECURITY AWARENESS
Prepared by: Prof. Rey-an V. Baricanosa, MSIT
Lesson Objectives
At the end of this lesson, you will be able to:
1. Understand the importance of security awareness
2. Understand security awareness practices
3. Recognize the vital role of security awareness in every organization
SECURITY AWARENESS
Security awareness is the knowledge and attitude members of an
organization possess regarding the protection of the physical, and especially informational, assets of that organization.
We live in a digital world, where an increasing amount of our day-to-day activities have migrated online. We work, communicate, conduct commerce, and interact online, and our reliance on cyber security has increased accordingly.
Cyber-criminals can effortlessly wreak havoc on our lives and businesses. Our increased use of the internet and mobile devices gives them even more opportunities to exploit our vulnerabilities. In the commercial sector alone, a successful cyber-attack can bring a company to its knees, causing damage that, in some cases, cannot be recovered.
The cost of cyber-crime averaged $11.7 million in 2017 and $13 million in 2018, a rise of 12 percent, and an increase of 72 percent over the past five years, according to Accenture's Ninth Annual Cost of Cybercrime Study.
Fortunately, there are processes an organization can initiate to help mitigate the effects of cyber-crime, beginning with the essential first step of raising cyber security awareness.
What Is Cyber Security Awareness?
Human beings are still the weakest link in any organization's digital security system. People make mistakes, forget things, or fall for fraudulent practices. That's where cyber security awareness comes in. This involves the process of educating employees on the different cyber security risks and threats out there, as well as potential weak spots. Employees must learn the best practices and procedures for keeping networks and data secure and the consequences of not doing so. These consequences may include losing one's job, criminal penalties, or even irreparable harm to the company.
By making employees aware of the scope of the threats and what's at stake if security fails, cyber security specialists can shore up this potential vulnerability.
What Are the Benefits of Cyber Security Awareness Training?
First and foremost, a staff well-trained in cyber security poses less of a risk to the overall security of an organization's digital network.
Fewer risks mean fewer financial losses due to cyber-crime. Therefore, a company that allocates funds for cyber security awareness training for employees should experience a return on that investment. Furthermore, if all employees get training in cyber security practices, there will be less likelihood of lapses in protection should someone leave the company. In other words, you'll reduce the chances that a security breach occurs because a critical employee wasn't at work that day.
Finally, a company with security-aware personnel will have a better reputation with consumers, since most are reluctant to do business with an untrustworthy organization. A business that is repeatedly subject to security breaches will lose customers as a result of negative publicity, regardless of the actual impact of any particular breach.
To create this enhanced level of security, people need to be informed of best practices.
What Are Security Awareness Best Practices?
If you read enough business-oriented articles, you'll eventually come across the phrase "best practices." It's a nice bit of jargon, but what exactly does it mean? In generic terms, "best practices" are procedures shown by experience and research to produce optimal results. These procedures get accepted as a standard for widespread adoption.
Much of cyber security can be broken down into seven main topics:
1. Data breaches
2. Secure passwords
3. Malware
4. Privacy
5. Safe computing
6. Mobile protection
7. Online scams
The most commonly referenced security awareness best practices include:
• Getting into compliance - Different cities, states, and nations have different rules and regulations to follow. Everyone must become aware of these rules because ignorance of the law is not an adequate defense.
• Including everyone, even managers - It's all or nothing. Anyone not participating in the new security measures constitutes a possible weak link. If everyone isn't fully engaged, it's all for nothing. This particular practice also assumes that all departments (e.g., HR, Legal, Security) must buy in and help make it a reality.
• Establishing the basics, which include:
  Anti-phishing tactics - Employees need to be suspicious of emails from unrecognizable sources. Phishing scams use emails to gain access to systems and wreak havoc. Employees must be educated on things like suspicious links, attachments, and untrustworthy sources.
  Password security - There's no excuse for having the word "password" as your password. Passwords should be at least eight characters long, with both upper and lower case letters, numbers, and at least one special character. Avoid mistakes such as writing the password on a post-it note and attaching it to your computer.
  Physical security - This includes everything from physical access to your company's IT department to keeping your company-issued mobile devices and laptops locked and within sight at all times.
  Social engineering - It's crucial to raise everyone's awareness of hazards, such as attempts
• Clearly communicating your security awareness program - This practice is especially important for middle and upper management. The higher-ups need to be kept in the loop, apprised of the current progress, and, in rare instances, report if any individual or department isn't compliant.
• Making the training engaging and even entertaining - Company meetings and seminars are often dull affairs that everyone does their best to avoid. Keep people engaged by showing a humorous (yet topical) video or sharing odd and quirky security-related anecdotes. Just don't overdo it.
• Reinforcing important messages with reviews and repetition - People often make the mistake of thinking that if they do something once, they don't have to do it again. Cyber security is an ongoing effort and should include occasional tests and checks, scheduled at regular intervals throughout the year.
• Creating an environment of reinforcement and motivation - Promote constant vigilance and learning by creating a security culture that runs through every organizational level, down the entire chain of command. While it's not necessary to continually harp on the subject with employees and end-users, cyber security should be a very relevant, everyday topic.