Tools of Defense #1 Flashcards
Firewall
Hardware or software designed to block unauthorized network access while permitting authorized communications.
Cloud Computing
Cloud vs. On-Prem
The practice of using remote servers on the Internet to store, manage, and process data, rather than a local server or a personal computer.
Cloud servers get all the latest software and security updates, making them less vulnerable to attack.
Example: The use of Google Apps (Gmail, docs, calendar, etc.)
Security Awareness Training (SAT)
Any training that raises the awareness of a user to potential threats, and how to avoid them.
The goal of SAT is to get users to make smarter security decisions and help their organization manage the ongoing problem of social engineering.
The user is the last line of defense in an attack by the bad guys!
Kevin Mitnick
Kevin Mitnick:
In the mid-nineties, he was known as the “World’s Most Wanted Hacker.” Today, Kevin’s positioned as “The World’s Most Famous Hacker.” Kevin is a very successful Fortune 500 security consultant, part owner and the Chief Hacking Officer of KnowBe4.
Based on his 30+ years of first-hand experience with hacking and social engineering, KnowBe4 created KMSAT, which stands for “Kevin Mitnick Security Awareness Training.”
Kevin’s main contribution to KnowBe4 is his experience!
Learning Management System (LMS)
A system for the administration, documentation, tracking, reporting, and delivery of e-learning education courses or training programs.
KMSAT (Kevin Mitnick Security Awareness Training) uses an LMS. Note: You are using an LMS right now while doing this course!
It’s called Bridge.
Return on Investment (ROI)
Measures the amount of return on an investment relative to the investors cost.
In IT security, ROl is measured as “reduction in risk.” not as a concrete financial gain.
Without proper security awareness training, a company can ex a loss of reputation, productivity, and revenue.
Sharable Content Object Reference Model (SCORM)
A technical standard that governs how online learning content and Learning Management Systems communicate with each other.
Note: Our customer access our security awareness training modules through an LMS.
Those modules all follow the SCORM standard.
The Six (6) Steps to Successful Security Awareness Training (SAT)
Step 1: Have a security policy and have each employee read and sign it
Step 2: Have all employees take mandatory SAT (online), with clear deadline and reasons why they’re taking the training.
Step 3: Make SAT part of the onboarding process
Step 4: Regularly test employees to reinforce the SAT’s application
Step 5: Have employees who fail phishing tests meet privately with a supervisor or HR. Reward employees with low failure rates.
Step 6: Send regular security hints and tips via email to all employees
7 reasons why am organization would outsource security awareness training (SAT):
- Reduce costs
- Access to talent
- Geographic reach & scalability
- Compliance
- Mitigate risk
- Business focus
- Leverage the cost of technology