Dated: 05-11-2024

Ch01. What is Information Security Awareness

Ensuring employees are aware of:

  • The importance of protecting sensitive information
  • What they should do to handle information securely
  • Risks of mishandling information

  • NIST Special Publication 800-50 (Building An IT Security Awareness & Training Program)
    • Awareness
    • Training
    • Education

Awareness

  • Awareness is not training
  • Purpose of awareness is simply to focus attention on security
  • Change behavior or reinforce good security practices

Training

  • "Strives to produce relevant and needed security skills and competencies"
  • Seeks to teach skills
  • E.g. IT Security course for system administrators covering all security aspects

Education

  • Integrates all of the skills and competencies into a common body of knowledge
  • E.g. a degree program

Don'ts

  • Share your password
  • Click on suspicious email links
  • Install unlicensed software on your PC

Do's

  • Log out when getting up from your system
  • Report security incidents