What is security awareness?
The easiest way to understand security awareness is to break it down into its definitions:
Awareness: having or showing realisation, perception, or knowledge
Security: measures taken to secure against attack, crime, espionage or sabotage etc.
So we can deduce that Security Awareness is having the realisation and knowledge to take the appropriate measures to help secure against threats to the organisation or individual alike.
Being security aware means you understand that there is the potential for someone to deliberately or accidentally steal, damage, or misuse sensitive data that is stored throughout the organisation. Therefore, it is prudent to highlight the necessity of managing these potential threats on all fronts (information, physical, and personal) by trying to stop them from occurring in the first place. According to the European Network and Information Security Agency, ‘Awareness of the risks and available safeguards is the first line of defence for the security of information systems, networks and infrastructure’, a sentiment strongly supported by Exsatus. Many organisations require formal security awareness training for all employees, not only when they join the organisation but periodically, usually bi-annually.
Some of the topics covered in our security awareness training talks include:
- The nature of sensitive data and physical assets employees may come in contact with, such as intellectual property, privacy concerns and classified or confidential information
- Employee and contractor responsibilities in handling sensitive data, including examples of employee NDAs and security-related policies
- Employee and contractor responsibilities on physical security and assets, including examples of the related security policies and procedures
- Requirements for proper handling of sensitive material in physical form, including marking, transmission, storage and destruction
- Proper methods for protecting sensitive information on computer systems, including password policies, encryption and use of various methods of authentication
- Other computer security concerns, including malware, phishing, social engineering and corporate espionage etc.
- Workplace security, including access control, CCTV, wearing of identification, reporting of incidents, forbidden articles, etc.
- Data protection acts and the related laws
- Consequences of failure to properly protect information, including potential loss of employment, economic consequences to the firm, damage to individuals whose private records are divulged, and possible criminal penalties
The focus of Security Awareness should be to achieve a long-term shift in the attitude of employees towards security as a whole, whilst promoting a cultural and behavioural change within an organisation.
Cyber Security Awareness
Our cyber security awareness talks are focused specifically on the growing cyber threats that plague the internet and online systems today. They take an in-depth look into the blackhat (hacking) community and the anatomy of targeted and sponsored attacks. Some of the topics covered by our cyber security awareness talks include:
- The nature of targeted or sponsored cyber attacks
- Attack vectors, including malware, phishing, social engineering, SCADA and corporate espionage etc.
- Identifying and taking charge of potential threats and countermeasures
- OSINT and tracking attackers or points of attack
- Data Protection Act and the law related to cyber-related crime
- Consequences of failure to properly protect against attacks, economic consequences, OPSEC failure, damage to individuals whose private records are divulged etc.
Terms and Conditions for our security awareness talks
Please note that the security awareness talks themselves are free, but there may be charges incurred for travelling and accommodation expenses. These charges are calculated at our discretion and will be applied at the time of booking of the security awareness talks. Further to the above, the security awareness talks are limited to 2 half-hour (30 minute) sessions per organisation. However, there is no limit to the number of attendees at each session; we only ask that the numbers are made known to us at the time of booking.
We may collect the following information:
- name, last name and job title
- contact information including email address, telephone and mobile numbers
- demographic information such as postcode, preferences and interests, geolocation
- other information relevant to customer surveys, polls and questionnaires
We are committed to ensuring that all collected information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard, encrypt and secure the information we collect. You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee may be payable. If you would like a copy of the information held on you, please write to us or email us at firstname.lastname@example.org.
For the Terms and Conditions of Exsatus website please follow on to our legal blurb.
Question the integrity of Security
Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders
- Ronald Reagan