Cybersecurity for Small and Midsize Businesses by Marlon Bermudez
Author:Marlon Bermudez [Bermudez, Marlon]
Language: eng
Format: epub
Publisher: BookBaby
Published: 2020-07-05T16:00:00+00:00
Figure 36 "Building Blocks for a Capable and Ready Cybersecurity Workforce"
Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf
The National Cybersecurity Alliance (NCSM) provides resources to promote cybersecurity awareness:
Stop Think Connect
https://www.stopthinkconnect.org/resources
Stay Safe online
https://staysafeonline.org/cybersecure-business/
Cybersecurity and cybersecurity awareness are not tasks in a checklist that organizations can simply cross off. Cybersecurity is a critical business function and process that requires proper, constant, and on-going attention and monitoring.
Components of a cybersecurity awareness program
The cybersecurity awareness program has many components, including but not limited to:
Cybersecurity Awareness Program Policy Documentation of the organization's overall intent and approach regarding end user awareness. The policy can include the resources the organization allocates towards this effort and the consequences for employees who fail to comply with the required training. The policy should include all legal and regulatory compliance requirements and how often efforts to meet these requirements will be reviewed. Defining the role, responsibilities, and identity of the employee in charge of the program will help ensure accountability.
Roles and responsibilities Users (employees) need to be aware that the organization requires cybersecurity training and that training efforts are recorded and tracked. This will help hold them accountable. Different users will have different roles, but each user should sign the cybersecurity awareness program policy so that all are aware of the training requirements and repercussions for not completing the assigned training.
End user video training End user training should cover basic security concepts and department-specific topics, e.g., CEO fraud for the accounting department.
Phishing training campaigns Organizations can use test phishing campaigns to identify users who are likely to click on malicious links, open malicious attachments, enter credentials on (fake) phishing websites, etc. Most cybersecurity awareness and training solutions can be configured to automatically enroll users who fail the phishing test in additional training. Training provides the skill to detect phishing emails, and awareness (explaining policies and procedures) helps change behavior.
Newsletters and current events Keeping users aware of what is happening in the organization is critical, e.g., a known phishing scam that targets users of a product the organization uses.
Auditable logs and training reports The ability to generate a report on training progress, the effectiveness of phishing emails, and the overall effectiveness of the program is critical for meeting legal and regulatory requirements and for improving the effectiveness of the program.
Format The policy should follow the security policy framework developed by the organization under Subcategory ID.GV-1 and reference other policies as necessary.
Policy availability The policy should be signed by all covered users within the organization and be available for review at any time. If the organization uses a product like DocuSign (as reviewed in previous Subcategories), all the policies signed electronically will be easily accessible.
Training types and schedule Include how often training efforts will take place, and the type of training users will be expected to complete, e.g., the organization may specify a general training session once a year, monthly newsletters, monthly video training, and random phishing emails.
Documented exceptions All employees should receive cybersecurity training to help protect the organization; lack of training on social engineering can lead to a devastating data breach from which the organization may not be able to recover.