Applying Lessons Learned to Security Awareness Training.
Please note that we will be meeting at a different location beginning with our 7 January meeting. We are currently searching for a new location for our meetup. Details to follow… But do RSVP for this meetup to allow us to appropriately size our new location.
IT Security is not always top priority for companies. Many do not see the reason to spend time educating their teams on information security. Employees are therefore unaware of the effects their actions might have on the enterprise.
Implementing firewalls and access controls is not sufficient because attackers will find the weakest link in the chain – the user. The employee can carelessly click on a phishing email or be socially engineered thus allowing an unauthorized user access to the network and sensitive data. Ultimately, it takes only one person to click on one link that makes it through the firewall, as Eirik Iverson showed in his previous presentation and roundtable Phishing for Christmas discussion.
At our last meeting, he presented “Security Awareness Training & Education (SATE) Problems,” an in-depth evaluation of user education on Phishing Emails. The discussions confirmed a shared tough reality for cyber security professionals. We agreed that the majority of security awareness and training efforts aspiring to stop the phishing clicks have either failed miserably, achieved too little, and/or only changed behavior temporarily. Eirik Inverson’s thought provoking presentation is available to RMF meetup members in our meetup library.
We were delighted when Julia Benson volunteered to present on the follow-up topic. The goal of her presentation is to apply lessons learned on findings dealing with human error and present it in a way more easily understood by non-technical users. Julia intends for her presentation to be a catalyst for an engaging session on how to educate users on the importance of security in their digital environment.
Julia Benson has been studying IT Security and earned several IT certifications (Security+, Project +, A+, CCNA) during her first year at Western Governors University (WGU). She provides training to users of her organization on new systems where she works as a Project Support and Web Systems Manager. Julia also previously worked in a help desk environment where she supported frustrated customers in Germany and UK with their product related technical issues.
REGISTER at https://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ SOONEST. You’ll find the practical information for our LifeBoat group meeting there. You can also tell other folks that they can easily get information and RSVP by starting on our ISSA Northern Virginia (NOVA) home page at http://nova.issa.org/ .
If anyone decides against using a free Meetup account, they are welcome to call 703-402-4379 to RSVP and get the practical details (where, when, and free parking). They can also optionally request to be added to our BCC email distro list. HOWEVER, many valuable RMF LifeBoat files are posted on our meetup for download by our Meetup group members.