Security Awareness Training Framework Wiki
Measuring Human Risk: What is Your Organization’s Security Score? The methodology and results of a multi-year human security risk assessment and security awareness initiative at Michigan Technological University.
This presentation covers effective security awareness training and measuring its effectiveness. When I was doing security awareness training it was largely saying the same thing as last time, expecting a different result. Additional ideas were always appreciated. This presentation is worth listening to and the handout contains useful information.
Confidentiality – only authorized / appropriate persons have access to the particular information
Integrity – accurate and adequately complete information
Availability – all authorized persons have access as needed
Accountability – actions cannot be repudiated
Authentication – validate the agent
Authorization – control which agents can access which assets
Accounting – determine which agents access which assets and what they did there
|Availability||Denial of Service|
|Authorization||Elevation of Privilege|
OWASP Application Security Verification Standard 2009 (pdf)