Chapter 5 - 04 - Security Awareness Training PDF

Summary

This document details different methods of employee security awareness training. It explains the importance of training and the various aspects that should be included in these programs. It details how to conduct security awareness training, including different types of training, advantages, and various methods.

Full Transcript


Certified Cybersecurity Technician
Network Security Controls — Administrative Controls
Exam 212-82

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow

- Discuss Various Regulatory Frameworks, Laws, and Acts
- Understand Information Security Governance and Compliance Program
- Learn to Design and Develop Security Policies
- Learn to Conduct Different Types of Security and Awareness Training

Learn to Conduct Different Types of Security and Awareness Training

Employee and user training plays an important part in the governance of the overall security of an organization. An untrained employee or user can pose a considerable risk to an organization. Hence, it is important to make them aware of security policies and to conduct other awareness training programs to maintain organizational security. This section explains the importance of conducting security awareness training and the key aspects to be covered in different types of training.

Employee Awareness and Training

An organization needs to provide formal security awareness training for its employees when they join and periodically thereafter, so that employees:

- Know how to defend themselves and the organization against threats
- Follow security policies and procedures for working with IT
- Know whom to contact if they discover a security threat
- Can identify the nature of the data based on data classification
- Protect physical and informational assets of that organization

Different methods to train employees are:

- Security awareness website
- Classroom style training
- Online training
- Round table discussions
- Providing hints
- Making short films
- Conducting seminars

Employees are one of the primary assets of an organization and can be part of an organization’s attack surface. The actions of an employee—such as negligence, errors, susceptibility to social engineering, or clicking spam links—can lead to an attack. Employee awareness training initiated during orientation and repeated periodically thereafter can enhance protection. The training is typically related to the knowledge and attitudes of employees tasked with the security of physical and informational assets. The training should ensure that employees:

- Have the expertise to defend themselves and the organization against threats;
- Follow security policies and procedures for working with information technology;
- Know whom to contact if they discover a security threat;
- Can identify the nature of data based on data classification;
- Protect the physical and informational assets of the organization when they come into contact with them, for example, when handling secrets, privacy concerns, and classified information;
- Know how to handle critical information, such as through review of employee nondisclosure agreements;
- Know the proper methods for protecting critical information on systems with a password policy and the use of two-factor authentication; and
- Know the consequences of failing to secure information, which may result in employment loss.

An organization should provide security awareness training to employees to meet regulatory requirements if it wants to comply with a certain regulatory framework.

The different methods to train employees include:

- Classroom style training
- Online training
- Round table discussions
- Security awareness website
- Providing hints
- Making short films
- Conducting seminars
- Simulation employee training
- Hands-on training
- Lectures
- Coaching/mentoring
- Case studies
- Management specific activities
- Group discussions and activities

Employee Awareness and Training: Security Policy

Security policy training teaches employees how to perform their duties and to comply with the security policy. Organizations should train new employees before granting them access to the network or provide limited access until the completion of their training. Security policy training and procedures are required to ensure security and effective network management.

- The security policy training program helps employees appropriately recognize and respond to security threats in real time. The training teaches employees to understand the importance of data on their devices or systems. Employees adapt themselves to secure computing habits.
- The security policy training makes employees aware of new updates on probable vulnerabilities that can occur if they do not follow the policies.
- Security policy training and awareness helps minimize security breaches in an organization. Early identification of a breach decreases the cost to an organization.
- Security policy awareness among users helps notify them about new security policies through, for example, published policy documentation and descriptive security documentation for users.
- Employees following the security policy reduce their possibility of being subject to potential fines or legal actions.
- An effective training program will help employees monitor their computing behavior and inform management of their security concerns. The training will enhance the overall compliance with the company’s security policies and procedures.

Advantages

- Effective implementation of a security policy
- Policies are followed and not just enforced
- Creates awareness on compliance issues
- Helps an organization enhance its network security
