Section 3 - Security Awareness Work Flashcards
Who can be the recipient of Information Security Awareness Training? (Select All that Apply)
Management
Vendors
End Users
IT Staff
Management
Vendors
End Users
IT Staff
Why is it important to tailor Awareness Training to Specific Audiences (like IT, HR, etc.)?
Executives want to feel special and have their own Awareness Training.
Security Awareness does not work unless it’s tailored.
Different audiences have different risks and need to be educated on their specific risk areas and practices.
It allows GRC Analysts to justify having to spend so much time working on Security Awareness Content.
Different audiences have different risks and need to be educated on their specific risk areas and practices.
Where should a GRC Analyst find ideas for Security Awareness Content?
Current Cybersecurity News and Incidents.
Looking up Controls in NIST SP 800-53 and discussing those.
Illegally executing a Penetration Test on their own Organization and finding out where they were able to break in.
Ask executives what they think the Security Awareness Content should be about.
Current Cybersecurity News and Incidents.
What is the Primary Objective of Security Awareness Training?
To entertain End Users.
To introduce Cybersecurity Staff to the rest of the Org.
To modify user behavior in a manner that improves Cyber hygiene.
To modify user behavior to make threat actors less knowledgeable of how to attack orgs.
To modify user behavior in a manner that improves Cyber hygiene.
What is a traditional method of delivering Cybersecurity Awareness that is limited in its effectiveness?
Annual long form “PowerPoint” training to End Users.
Openly sharing the most recent Cyber incidents at the business at all-hands meetings.
Linking to a Cybersecurity documentary for End Users to consume off hours.
Sending end users to offsite weeklong training to become Cybersecurity Professionals.
Annual long form “PowerPoint” training to End Users.
What Free Tool allows you to RECORD yourself and your Screen to Make Content? (Select All that Apply)
Canva
Loom
OBS
Excel
Loom
OBS
Why is it important to have Short, Frequent Security Awareness Content?
It’s easier to make for the GRC Analyst.
Recipients of Awareness will only retain a Few Key points from Training.
It helps save file size by having smaller Video and Audio Files.
Regulations require Shorter Awareness Content in Compliant Orgs.
Recipients of Awareness will only retain a Few Key points from Training.
What is a useful technique for having your Awareness Messaging resonate with End Users?
Threaten their Job if they do not understand it.
Use bright, loud colors and flashing to make the content more entertaining.
Making content between 30 and 45 minutes.
Personalize the Lesson.
Personalize the Lesson.
What FREE Website can a GRC Analyst use to get Free Photography to use in Security Awareness Content?
nist.gov
simplycyber.io
pexels.com
loom.com
pexels.com
What is an effective method for communicating developed Security Awareness content to a User Population?
Stand outside the front of the office and shout at employees as they come to work.
Hack into Employees emails and send Security Awareness content to the users from their own inbox.
Send a Long form email outlining why you are doing Security Awareness, the Impact on the Org, and the Actual Content of your Messaging.
Send a Short Email to the target audience with 1 or 2 sentences teasing the awareness messaging and invite them to click the video to learn more.
Send a Short Email to the target audience with 1 or 2 sentences teasing the awareness messaging and invite them to click the video to learn more.
When creating Security Awareness Content - Who could be your Target Audience?
Executives, IT, HR, Finance, R&D, Vendors... just about anyone that interacts with your Business.
Things to remember about your Target Audience when creating Tailored Content for them?
They may not be Technical
They may not be Interested in Security like you are.
Word Choice Matters
Personalize It.
Be mindful of the Length and Time to get through the Content.
FREE Tools of the Trade?
Canva - For creating Images/Editing Images – https://www.canva.com
Loom - For Recording Audio/Video – https://www.loom.com
Pexels - Collection of Business Related Photos, great for Thumbnails and Presentations – https://www.pexels.com
OBS - For Desktop Video Recording
Streamlabs - Another option for Desktop Video Recording
Use Current Cybersecurity News/Stories to get Inspired
CISOSeries.com
https://threatpost.com