Security Awareness Training Framework Wiki
Measuring Human Risk: What is Your Organization’s Security Score? The methodology and results of a multi-year human security risk assessment and security awareness initiative at Michigan Technological University.
This presentation covers effective security awareness training and measuring its effectiveness. When I was doing security awareness training, it was largely saying the same thing as last time, expecting a different result. Additional ideas were always appreciated. This presentation is worth listening to, and the handout contains useful information.
Confidentiality – only authorized / appropriate persons have access to the particular information
Integrity – accurate and adequately complete information
Availability – all authorized persons have access as needed
Accountability – actions cannot be repudiated
Authentication – verify that an agent is who or what it claims to be
Authorization – control which agents can access which assets
Accounting – determine which agents access which assets and what they did there
Property | Threat |
---|---|
Authentication | Spoofing |
Integrity | Tampering |
Non-Repudiation | Repudiation |
Confidentiality | Disclosure |
Availability | Denial of Service |
Authorization | Elevation of Privilege |
OWASP Application Security Verification Standard 2009 (pdf)