Internet Security Awareness Training
Internet Security Awareness Training (ISAT) consists of the training of members of an organization regarding the protection of various information assets of that organization. Organizations that need to comply with government regulations (e.g. GLBA, PCI, HIPAA, SarBox) normally require formal ISAT for all employees, usually once or twice a year. Many Small and Medium Enterprises (SMEs) do not require ISAT for regulatory compliance, but train their employees to prevent a cyberheist. Internet Security Awareness Training at this point in time is usually provided via online courses. ISAT is a subset of general security awareness training.

Topics covered in ISAT include:
  • Appropriate methods for protecting sensitive information on personal computer systems, including password policy
  • Various computer security concerns, including spam, malware, phishing, social engineering, etc.
  • Consequences of failure to properly protect information, including potential job loss, economic consequences to the firm, damage to individuals whose private records are divulged, and possible civil and criminal law penalties.


Being Internet Security Aware means you understand that there are people actively trying to steal data that is stored within an organization's computers. (This often focuses on user names and passwords, so that criminal elements can ultimately get access to bank accounts.) That is why it is important to protect the assets of the organization and stop that from happening.

According to Microsoft,
  • End User Internet Security Awareness Training resides in the Policies, Procedures, and Awareness layer of the Defense in Depth security model.
  • User security awareness can affect every aspect of an organization’s security profile.
  • End User Security awareness is a significant part of a comprehensive security profile because many attack types rely on human intervention (Social Engineering) to succeed.


The focus of ISAT is to achieve an immediate and lasting change in the attitude of employees towards Internet security, making it clear that security policies are vital for the survival of the organization, not rules that restrict employees from being efficient at work.

See also

  • Access control
  • Physical security
  • Security
  • Security controls
  • Security management

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 