Security Awareness Training

Security Awareness Training Framework Wiki

Measuring Human Risk: What is Your Organization’s Security Score? The methodology and results of a multi-year human security risk assessment and security awareness initiative at Michigan Technological University.

This presentation covers effective security awareness training and measuring its effectiveness. When I was doing security awareness training it was largely saying the same thing as last time, expecting a different result. Additional ideas were always appreciated. This presentation is worth listening to and the handout contains useful information.
Securing The Human in EMEA – Next Generation Awareness Programs
Confidentiality – only authorized / appropriate persons have access to the particular information
Integrity – accurate and adequately complete information
Availability – all authorized persons have access as needed
Accountability – actions cannot be repudiated
Authentication – validate the agent
Authorization – control which agents can access which assets
Accounting – determine which agents access which assets and what they did there
Property Threat
Authentication Spoofing
Integrity Tampering
Non-Repudiation Repudiation
Confidentiality Disclosure
Availability Denial of Service
Authorization Elevation of Privilege
WASC Threat Classification
OWASP Application Security Verification Standard 2009 (pdf)

Comments are closed.