Using penetration testing feedback to cultivate an atmosphere of proactive security amongst end-users
Purpose – The purpose of this case study paper is to demonstrate that, no matter how complex computer security systems are, effort should be concentrated and focused on employees to improve their security awareness. Each employee needs to become a “Security Deputy” to the company's computer security staff and he or she needs to take some responsibility for preventing security breaches – whether inside the workplace or not. It is easy to unwittingly spread a virus, or open security vulnerabilities, and such actions might damage a company's systems perhaps even more than malicious employees, through simple ignorance of security issues.
Design/methodology/approach – A series of surveys and questionnaires were designed along with practical exercises and security awareness training sessions.
Findings – Following their involvement in the exercises and awareness training, employees demonstrated improvement in security awareness. Users were made explicitly aware of the realities of IT security with pertinent questi...