Questions tagged [awareness]
26 questions
4 votes, 2 answers, 420 views
How concerned should we be about RFID skimming?
I've heard/read several pentesting stories where the pentesters clone RFID badges. I've also seen some articles saying RFID skimming is a negligibly small problem. The RFID skimming I'm talking about ...
2 votes, 1 answer, 350 views
Hacking demonstration
We are thinking about giving an awareness live demonstration in the company I work for. The general idea is to show the users how they can be hacked while connected to a public wifi spot such as a ...
2 votes, 3 answers, 291 views
How should security user training be provided when implementing a company BYOD strategy?
Our company is implementing a BYOD policy. I am working with management to draft end user training guidelines / standards as a senior member of the Information Security team. Our company is in a ...
2 votes, 0 answers, 146 views
How to force employees to complete security awareness quiz? [closed]
The idea is that when a user logs in to a PC (Windows 10) he should be forced to complete a quiz before he can start work.
These are company-owned laptops.
The quiz will be a few questions short, shown ...
21 votes, 3 answers, 3k views
Should corporate security training be tailored based on a user's job role?
I work in the Information Security team at my workplace. We work in the insurance and healthcare industry and work frequently with customer credit card, financial, and private health data.
Today I ...
7 votes, 4 answers, 435 views
Why should small and medium-sized businesses care about security?
Pretext
I'm not a security expert, just a web dev with an interest in "security".
I've been tasked by my employer with giving an internal talk on security (specifically web application security) and ...
1 vote, 3 answers, 390 views
Why are data breaches like the one at Quora considered so bad?
Today, I read this article that said that some hacker stole personal information of 100 million users of Quora — which allegedly is half of the total user base of Quora. This is kind of like when ...
2 votes, 3 answers, 161 views
How can I focus on the positive side of information security to create awareness?
I would like to know how I can create a healthy and positive environment for information security. Due to some mistakes, this is not the case at the moment at the company I am at.
I am an intern at ...
16 votes, 8 answers, 3k views
How to make people report incidents?
I would like to know how you make employees report incidents. Incident reports are a key element of an ISMS. No reports = No discovery of the incident = High chance things go out of control.
We have ...
6 votes, 2 answers, 830 views
How to explain importance of security & privacy to a layman? [duplicate]
Often I come across people who don't understand the importance of security or privacy. They are careless and many times they will quote some nonsense, like: 'I have nothing to hide...' etc.
What is ...
5 votes, 1 answer, 333 views
Is it wise to show the "e-mail has been scanned by XYZ antivirus" in e-mails footer? [closed]
It is a common practice to append the "antivirus footers" to emails, e.g.:
Scanned by ClamAV
or
This email has been scanned by the XYZ Email Security service
There are many opinions about it, ...
0 votes, 2 answers, 192 views
Efficiency of end-user training
I have read a lot on the topic of enforcing end-user security training, such as how to spot a phishing email for example. Even enforced training, such as conferences or videos that the end-user must ...
2 votes, 1 answer, 232 views
How could we provide certainty to users that education material on phishing, isn't phishing itself?
This is a problem that has been bothering me somewhat.
I am able to run a phishing simulation campaign against users across the organisation. If the user clicks on a bad link they are directed and ...
68 votes, 7 answers, 5k views
Which topics should a security training for non-IT persons contain?
(I am not sure, if this question fits the security.stackexchange-board, but the list of askable topics does not exclude this question imho and there are some examples)
I've worked for several ...
3 votes, 1 answer, 307 views
Best way to prevent phishing by turning off HTML links
Phishing attacks are very common nowadays. Innocent victims click on suspicious links in emails and get infected. I know that to prevent phishing, one of the ways is to educate users on the proper ...
6 votes, 1 answer, 292 views
Is online security training effective?
I'm looking at an organization that requires that all employees undergo an annual one-hour online cybersecurity training (watch a video and take a quiz, apparently built using SANS's end-user security ...
5 votes, 1 answer, 372 views
UK or EU regulations that require Security Awareness Training
I was completing a survey of the various regulations and standards that require Privacy or Security Awareness training, and have compiled the following list from various sources:
FEDERAL LAWS AND ...
2 votes, 0 answers, 152 views
How to inform other sysadmins their email encryption is broken [closed]
Does anyone have a good template email to use to send to remote system/mail/security administrators to alert them to the fact that emails to them would not be getting through either at all or securely ...
5 votes, 3 answers, 325 views
What are good proof-of-concept implementations for general security awareness training?
I will be giving a presentation on "cyber security" to a school class of 16 year olds and want to show them how network security works, how important privacy is (and why it matters) and how to protect ...
2 votes, 3 answers, 332 views
Security coding training best approach
To train the development team, there are various options one can take: inhouse presentation with code samples, CBTs so developers do it at their best time, instructor-led courses onsite or inhouse (...
-1 votes, 2 answers, 197 views
Resources for Security Awareness training [closed]
As part of security awareness for the company, I am looking for something that I could use to spread the awareness. Maybe a web based application/portal which I can create quiz forms easily or share ...
13 votes, 5 answers, 2k views
End user security awareness measurement
Apart from the conventional email phishing tests, what other security Key Performance Indicators can be used to measure end user security awareness in an Organization?
Looking at the SANS critical ...
11 votes, 4 answers, 1k views
How can I convince my communication partner to use encryption in everyday life?
The latest developments made it very clear, how easily basically all communication channels can be wiretapped. However, I think most people still ignore this fact. Especially in business most ...
2 votes, 3 answers, 1k views
Anti-Phishing Campaign Objective
At every office I have worked, links and files, both internal and external, are shared in emails.
Is the objective of an anti-phishing campaign that users never click on blind, or otherwise ...
1 vote, 3 answers, 194 views
How to protect against an attack where a person claims to be in a position of authority?
In an office if a person approaches an employee and claims to be a new IT staff and to give them access to their computer, what can prevent this kind of attack? I've worked a couple tech support jobs ...
5 votes, 3 answers, 1k views
Ideas to build security awareness
It has been claimed that "the weakest factor in security is the humans". Unfortunately this is a weak link we cannot cut away so we have to deal with it.
I need ideas to help build inherently ...