This book constitutes the refereed proceedings of the 13th IFIP WG 11.8 World Conference on Information Security Education, WISE 13, held in Maribor, Slovenia, in September 2020. The conference was held virtually due to the COVID-19 pandemic. The 13 full papers presented were carefully reviewed and selected from 28 submissions. The papers are organized in the following topical sections: teaching methods and tools; cybersecurity knowledge within the organization; and teaching of detection and forensics.
Understanding cybersecurity principles and practices is vital to all users of IT systems and services, and is particularly relevant in an organizational setting where the lack of security awareness and compliance amongst staff is the root cause of many incidents and breaches. If these are to be addressed, there needs to be adequate support and provision for related training and education in order to ensure that staff know what is expected of them and have the necessary skills to follow through. Cybersecurity Education for Awareness and Compliance explores frameworks and models for teaching cybersecurity literacy in order to deliver effective training and compliance to organizational staff so that they have a clear understanding of what security education is, the elements required to achieve it, and the means by which to link it to the wider goal of good security behavior. Split across four thematic sections (considering the needs of users, organizations, academia, and the profession, respectively), the chapters will collectively identify and address the multiple perspectives from which action is required. This book is ideally designed for IT consultants and specialist staff including chief information security officers, managers, trainers, and organizations.
Modern society has become dependent on technology, allowing personal information to be input and used across a variety of personal and professional systems. From banking to medical records to e-commerce, sensitive data has never before been at such a high risk of misuse. As such, organizations now have a greater responsibility than ever to ensure that their stakeholder data is secured, leading to the increased need for cybersecurity specialists and the development of more secure software and systems. To avoid issues such as hacking and create a safer online space, cybersecurity education is vital and not only for those seeking to make a career out of cybersecurity, but also for the general public who must become more aware of the information they are sharing and how they are using it. It is crucial people learn about cybersecurity in a comprehensive and accessible way in order to use the skills to better protect all data. The Research Anthology on Advancements in Cybersecurity Education discusses innovative concepts, theories, and developments for not only teaching cybersecurity, but also for driving awareness of efforts that can be achieved to further secure sensitive data. Providing information on a range of topics from cybersecurity education requirements, cyberspace security talents training systems, and insider threats, it is ideal for educators, IT developers, education professionals, education administrators, researchers, security analysts, systems engineers, software security engineers, security professionals, policymakers, and students.
Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.
This book constitutes the refereed proceedings of the 14th IFIP WG 11.8 World Conference on Information Security Education, WISE 14, held virtually in June 2021. The 8 papers presented together with a special chapter showcasing the history of WISE and two workshop papers were carefully reviewed and selected from 19 submissions. The papers are organized in the following topical sections: a roadmap for building resilience; innovation in curricula; teaching methods and tools; and end-user security.
Information Security Policies Made Easy is the definitive resource tool for information security policies. Version 9 now includes an updated collection of 1250 + security policies and templates covering virtually every aspect of corporate security.
The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up. Building an Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management support for implementing the program. Author Bill Gardner is one of the founding members of the Security Awareness Training Framework. Here, he walks you through the process of developing an engaging and successful training program for your organization that will help you and your staff defend your systems, networks, mobile devices, and data. Forewords written by Dave Kennedy and Kevin Mitnick! - The most practical guide to setting up a Security Awareness training program in your organization - Real world examples show you how cyber criminals commit their crimes, and what you can do to keep you and your data safe - Learn how to propose a new program to management, and what the benefits are to staff and your company - Find out about various types of training, the best training cycle to use, metrics for success, and methods for building an engaging and successful program
A jargon-busting guide to the key concepts, terminology, and technologies of cybersecurity. Perfect for anyone planning or implementing a security strategy. In Making Sense of Cybersecurity you will learn how to: Develop and incrementally improve your own cybersecurity strategy Detect rogue WiFi networks and safely browse on public WiFi Protect against physical attacks utilizing USB devices or building access cards Use the OODA loop and a hacker mindset to plan out your own attacks Connect to and browse the Dark Web Apply threat models to build, measure, and improve your defenses Respond to a detected cyber attack and work through a security breach Go behind the headlines of famous attacks and learn lessons from real-world breaches that author Tom Kranz has personally helped to clean up. Making Sense of Cybersecurity is full of clear-headed advice and examples that will help you identify risks in your organization and choose the right path to apply the important security concepts. You'll learn the three pillars of a successful security strategy and how to create and apply threat models that will iteratively improve your organization's readiness. Foreword by Naz Markuta. About the technology Someone is attacking your business right now. Understanding the threats, weaknesses, and attacks gives you the power to make better decisions about how to secure your systems. This book guides you through the concepts and basic skills you need to make sense of cybersecurity. About the book Making Sense of Cybersecurity is a crystal-clear overview of common cyber threats written for business and technical readers with no background in security. You’ll explore the core ideas of cybersecurity so you can effectively talk shop, plan a security strategy, and spot your organization’s own weak points. By examining real-world security examples, you’ll learn how the bad guys think and how to handle live threats. What's inside Develop and improve your cybersecurity strategy Apply threat models to build, measure, and improve your defenses Detect rogue WiFi networks and safely browse on public WiFi Protect against physical attacks About the reader For anyone who needs to understand computer security. No IT or cybersecurity experience required. About the author Tom Kranz is a security consultant with over 30 years of experience in cybersecurity and IT. Table of Contents 1 Cybersecurity and hackers 2 Cybersecurity: Everyone’s problem PART 1 3 Understanding hackers 4 External attacks 5 Tricking our way in: Social engineerin 6 Internal attacks 7 The Dark Web: Where is stolen data traded? PART 2 8 Understanding risk 9 Testing your systems 10 Inside the security operations center 11 Protecting the people 12 After the hack
