Security and Employee Compliance - Introduction to the X-Factor | Coursera

Para EmpresasPara los estudiantes

Explorar
Principales cursos
Inicia Sesión
Únete de forma gratuita

Security and Employee Compliance

Loading...

Cybersecurity and the X-Factor

Sistema Universitario de Georgia

4.7 (221 calificaciones) | 16K estudiantes inscritos

Curso 3 de 4 en Cybersecurity: Developing a Program for Your Business Programa Especializado

Inscríbete gratis

What is the X-Factor? In Cybersecurity, the X-Factor related to unknown and unpredictable human behavior within and outside of your organization. “No one really knows why humans do what they do”, (David K. Reynolds), and because of this organizations can be unprepared for malicious, untrained, or even best intentioned behavior that can cause alarm and sometimes irreparable harm. This course will introduce you to the types of training available to reduce the impact of the X-Factor, evaluate its effectiveness, explore the Security Education, Training and Awareness (SETA) program, and learn why it may fail. The course will conclude with information designed to assist you with some critical components for your business security program. Activities focused on hactivism, cyberinsurance, and ransomware will round out your knowledge base. Your team of instructors has prepared a series of readings, discussions, guest lectures, and quizzes to engage you in this exciting topic.

Reseñas

4.7 (221 calificaciones)

5 stars
76.92%
4 stars
18.55%
3 stars
2.26%
2 stars
0.45%
1 star
1.81%

MS

30 de jul. de 2020

It is one of the best course if you want to know about Cyber-security and how Organisations prepare against threats. Thanks to CourseEra and the teachers. 5 stars from my side.

DP

17 de jun. de 2020

It is really great experience in learning this course. I have learned newly about the threat intelligence, employee habits and security breaches etc. Thank you.

De la lección

Introduction to the X-Factor

The X-factor within information security is human behavior within and outside your organization. Our introduction includes an overview of information security management and its goals as well as describing the problem created by non-malicious insider behavior. We include discussion about the purpose of training within organizational cybersecurity efforts and whether it is achieving its purpose.

Course Overview video1:11

Security and Employee Compliance4:26

Industry Q&A: Security and End Users1:47

Pulling it together8:24

Impartido por:

Dr. Humayun Zafar, CEH, CISM
Professor of Information Security and Assurance
Dr. Traci Carte
Associate Professor Chair, Information Systems
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP
Professor of Information Security and Assurance
Mr. Andy Green
Lecturer of Information Security and Assurance
Michael Whitman, Ph.D., CISM, CISSP
Professor of Information Security

Prueba el curso Gratis

Transcripción

A standing joke in cybersecurity circles is that it's easy to keep your data safe, just disconnect every computer from the internet. That might keep the data safe, but it would also make most systems useless. So, companies spend a lot of money on sophisticated technology like Firewalls, Encryption programs, and Real-time intrusion monitoring, just to name a few. They also hire highly experienced security professionals, and engage in security education training and awareness efforts with their employees, customers, and business partners. Security Education Training and Awareness, also known as SETA, is the fundamental task for security-focused organizations. These efforts provide critical information to employees to maintain or improve their current levels of security knowledge. The benefits of most SETA efforts include improving employee behavior, helping employees know where or how to report violations, and enabling organizations to hold employees accountable. For now, we're going to focus just on the effort to improve employee behavior. It's reported that over half of all information security breaches are either indirectly, or directly caused by employee's poor security behaviors. Some estimates are as high as 95 percent of successful breaches require one or more employees to become complicit with the hacker in some way. Let's stop and think about that. Security breaches might be initiated by some hacktivists or bad actor in a faraway land, but their success does not rely on the technical genius that they have so much as it relies on the corporate employees not following procedure. So how do organizations make sure that employees are aware of, and are complying with security policies? They roll out training that is often a boring, computer-based, voice-over PowerPoint annual event. In short, here are some things you can do to stay safe from phishing e-mails. One, never click on unexpected links or attachments. Compliance is expected because the training is mandated. There have been a number of academic studies focused on how and why security training is effective or ineffective. I am also fairly sure that many disgruntled security managers asked the same question. So, why is security training not as effective as organizations would like? First, we have to think about the underlying assumptions behind such training. Did the designers believe that the security rules are mostly being followed, and that they are simply reminding the users of the importance of continued compliance? Or are these annual training efforts intended to improve compliance? I already mentioned that SETA efforts are focused on improving employee behavior, but surely some of the employees are doing what they're supposed to do. To help answer this question, I asked a security manager to describe training effectiveness in his organization. He said, "No matter how well you train folks, it will never keep you 100 percent safe. Each year we perform two to three phishing training scenarios." Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in electronic communication. He continued, "We are normally 10 to 15 percent effective in harvesting. For an organization of 4,500-ish people, that's still about 450 usernames and passwords. Doing so has created 450 insider threats. Tax related phishing tests are the best." So, after annual training, this organization sends fake e-mails to their employees to see if anyone will send their log in information and even password. About 10 to 15 percent do just that. This is not an uncommon result.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Coursera Footer

Principales cursos en línea

Buscar el objetivo y el significado de la vida
Comprender las investigaciones médicas
Japonés para principiantes
Introducción a la Informática en la nube
Bases para la concientización
Aspectos básicos de las finanzas
Aprendizaje Automático
Aprendizaje automático con Sas Viya
La ciencia del bienestar
Rastreo de contactos de COVID-19
IA para todos
Mercados financieros
Introducción a la Psicología
Primeros pasos con AWS
Marketing internacional
C++
Análisis predictivo y minería de datos
Aprender a aprender en UCSD
Programación para todos de Michigan
Programación JHU R
Capacitación en CPI de Google CBRS

Principales especializaciones en línea

Procesamiento natural del lenguaje (NLP)
IA para medicina
Experto en palabras: escritura y edición
Modelización de enfermedades infecciosas
Pronunciación del inglés americano
Automatización de las pruebas de software
Aprendizaje profundo
Python para todos
Ciencia de Datos
Aspectos básicos de los negocios
Habilidades de Excel aplicadas para los negocios
Ciencia de los datos con Python
Finanzas para todos
Habilidades de comunicación para ingenieros
Capacitación en ventas
Carrera en gestión de marcas
Análisis de negocios en Wharton
Psicología positiva en Penn
Aprendizaje automático en Washington
Diseño gráfico de CalArts

Certificados en linea

Certificados profesionales
Certificados MasterTrack
Soporte de TI de Google
Ciencia de datos de IBM
Ingeniería de datos de Google Cloud
IA aplicada por IBM
Arquitectura de Google Cloud
Analista de ciberseguridad de IBM
Automatización de TI de Google con Python
Profesional de mainframe de z/OS de IBM
Gestión aplicada de proyectos en UCI
Certificado en diseño instruccional
Certificado en ingeniería y gestión de la construcción
Certificado en grandes datos
Certificado en Aprendizaje automático para el análisis
Certificado en emprendimientos y gestión de la innovación
Certificado en Sostenibilidad y Desarrollo
Certificado en trabajo social
Certificado en IA y aprendizaje automático
Certificado en Análisis y visualización de datos espaciales

Programas de titulación en línea

Títulos en ciencias informáticas
Títulos en negocios
Títulos en salud pública
Títulos en ciencias de los datos
Licenciaturas
Licenciatura en Ciencias de la Computación
Maestría en Ingeniería eléctrica
Título de finalización de licenciatura
Maestría en Gestión
Maestría en Ciencias informáticas
MPH
Maestría en contabilidad
MCIT
MBA en línea
Maestría en ciencias de los datos aplicada
MBA global
Maestría en Innovación y emprendimiento
Maestría en Ciencia de los datos
Maestría en Ciencias informáticas
Maestría en Salud Pública

Coursera

Acerca de
Liderazgo
Empleo
Catálogo
Certificados
Certificados MasterTrack™
Grados
Para Empresas
Para gobiernos
Para el campus
En respuesta al Coronavirus

Comunidad

Estudiantes
Socios
Desarrolladores
Probador beta
Traductores
Blog
Blog de Tecnología
Centro de enseñanza

Más

Términos
Privacidad
Ayuda
Accesibilidad
Prensa
Contacto
Directorio
Afiliados

Aprende en cualquier lado

Consíguelo en Google Play

© 2020 Coursera Inc. Todos los derechos reservados.