Security and Employee Compliance - Introduction to the X-Factor | Coursera

Para EmpresasPara los estudiantes

Explorar
Principales cursos
Inicia Sesión
Únete de forma gratuita

Security and Employee Compliance

Loading...

Cybersecurity and the X-Factor

Sistema Universitario de Georgia

4.7 (196 calificaciones) | 10K estudiantes inscritos

Curso 3 de 4 en Cybersecurity: Developing a Program for Your Business Programa Especializado

Inscríbete gratis

What is the X-Factor? In Cybersecurity, the X-Factor related to unknown and unpredictable human behavior within and outside of your organization. “No one really knows why humans do what they do”, (David K. Reynolds), and because of this organizations can be unprepared for malicious, untrained, or even best intentioned behavior that can cause alarm and sometimes irreparable harm. This course will introduce you to the types of training available to reduce the impact of the X-Factor, evaluate its effectiveness, explore the Security Education, Training and Awareness (SETA) program, and learn why it may fail. The course will conclude with information designed to assist you with some critical components for your business security program. Activities focused on hactivism, cyberinsurance, and ransomware will round out your knowledge base. Your team of instructors has prepared a series of readings, discussions, guest lectures, and quizzes to engage you in this exciting topic.

Reseñas

4.7 (196 calificaciones)

5 stars
76.02%
4 stars
19.38%
3 stars
2.55%
2 stars
0.51%
1 star
1.53%

MS

Jul 31, 2020

It is one of the best course if you want to know about Cyber-security and how Organisations prepare against threats. Thanks to CourseEra and the teachers. 5 stars from my side.

DP

Jun 18, 2020

It is really great experience in learning this course. I have learned newly about the threat intelligence, employee habits and security breaches etc. Thank you.

De la lección

Introduction to the X-Factor

The X-factor within information security is human behavior within and outside your organization. Our introduction includes an overview of information security management and its goals as well as describing the problem created by non-malicious insider behavior. We include discussion about the purpose of training within organizational cybersecurity efforts and whether it is achieving its purpose.

Course Overview video1:11

Security and Employee Compliance4:26

Industry Q&A: Security and End Users1:47

Pulling it together8:24

Impartido por:

Dr. Humayun Zafar, CEH, CISM
Professor of Information Security and Assurance
Dr. Traci Carte
Associate Professor Chair, Information Systems
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP
Professor of Information Security and Assurance
Mr. Andy Green
Lecturer of Information Security and Assurance
Michael Whitman, Ph.D., CISM, CISSP
Professor of Information Security

Prueba el curso Gratis

Transcripción

A standing joke in cybersecurity circles is that it's easy to keep your data safe, just disconnect every computer from the internet. That might keep the data safe, but it would also make most systems useless. So, companies spend a lot of money on sophisticated technology like Firewalls, Encryption programs, and Real-time intrusion monitoring, just to name a few. They also hire highly experienced security professionals, and engage in security education training and awareness efforts with their employees, customers, and business partners. Security Education Training and Awareness, also known as SETA, is the fundamental task for security-focused organizations. These efforts provide critical information to employees to maintain or improve their current levels of security knowledge. The benefits of most SETA efforts include improving employee behavior, helping employees know where or how to report violations, and enabling organizations to hold employees accountable. For now, we're going to focus just on the effort to improve employee behavior. It's reported that over half of all information security breaches are either indirectly, or directly caused by employee's poor security behaviors. Some estimates are as high as 95 percent of successful breaches require one or more employees to become complicit with the hacker in some way. Let's stop and think about that. Security breaches might be initiated by some hacktivists or bad actor in a faraway land, but their success does not rely on the technical genius that they have so much as it relies on the corporate employees not following procedure. So how do organizations make sure that employees are aware of, and are complying with security policies? They roll out training that is often a boring, computer-based, voice-over PowerPoint annual event. In short, here are some things you can do to stay safe from phishing e-mails. One, never click on unexpected links or attachments. Compliance is expected because the training is mandated. There have been a number of academic studies focused on how and why security training is effective or ineffective. I am also fairly sure that many disgruntled security managers asked the same question. So, why is security training not as effective as organizations would like? First, we have to think about the underlying assumptions behind such training. Did the designers believe that the security rules are mostly being followed, and that they are simply reminding the users of the importance of continued compliance? Or are these annual training efforts intended to improve compliance? I already mentioned that SETA efforts are focused on improving employee behavior, but surely some of the employees are doing what they're supposed to do. To help answer this question, I asked a security manager to describe training effectiveness in his organization. He said, "No matter how well you train folks, it will never keep you 100 percent safe. Each year we perform two to three phishing training scenarios." Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in electronic communication. He continued, "We are normally 10 to 15 percent effective in harvesting. For an organization of 4,500-ish people, that's still about 450 usernames and passwords. Doing so has created 450 insider threats. Tax related phishing tests are the best." So, after annual training, this organization sends fake e-mails to their employees to see if anyone will send their log in information and even password. About 10 to 15 percent do just that. This is not an uncommon result.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Principales cursos en línea

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
Aprendizaje Automático
Aprendizaje automático con Sas Viya
La ciencia del bienestar
Covid-19 Contact Tracing
IA para todos
Mercados financieros
Introduction to Psychology
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

Principales especializaciones en línea

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
Aprendizaje profundo
Python para todos
Ciencia de Datos
Aspectos básicos de los negocios
Habilidades de Excel aplicadas para los negocios
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
Career Brand Management
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

Certificados en linea

Certificados profesionales
MasterTrack Certificates
Soporte de TI de Google
Ciencia de datos de IBM
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

Programas de titulación en línea

Computer Science Degrees
Business Degrees
Public Health Degrees
Data Science Degrees
Bachelor's Degrees
Licenciatura en Ciencias de la Computación
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
Maestría en ciencias de los datos aplicada
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
Maestría en Salud Pública

Coursera

Acerca de
Liderazgo
Empleo
Catálogo
Certificados
Certificados MasterTrack™
Grados
Para Empresas
Para gobiernos
Para el campus
En respuesta al Coronavirus

Comunidad

Estudiantes
Socios
Desarrolladores
Probador beta
Traductores
Blog
Blog de Tecnología

Más

Términos
Privacidad
Ayuda
Accesibilidad
Prensa
Contacto
Directorio
Afiliados

Consíguelo en Google Play

© 2020 Coursera Inc. Todos los derechos reservados.