University of Michigan
Applications for Michigan’s MPH degree are now open
Apply by May 1, 2020 to earn your master’s degree online from a top-rated program.
Coursera Together
Keep learning with free resources during COVID-19
Explore new free courses, community discussions, expert interviews, and more.

Explorar todo lo que Coursera tiene para ofrecer

Explorar
Principales cursos
Inicia Sesión
Únete de forma gratuita

Scheduled maintenance: Coursera will be performing site-wide maintenance starting April 2, 2020, at 9 P.M. Pacific Time and will be unavailable for up to two hours.

Security and Employee Compliance

Loading...

Cybersecurity and the X-Factor

Sistema Universitario de Georgia

4.6 (101 calificaciones) | 4.7K estudiantes inscritos

Curso 3 de 4 en Cybersecurity: Developing a Program for Your Business Programa Especializado

Inscríbete gratis

What is the X-Factor? In Cybersecurity, the X-Factor related to unknown and unpredictable human behavior within and outside of your organization. “No one really knows why humans do what they do”, (David K. Reynolds), and because of this organizations can be unprepared for malicious, untrained, or even best intentioned behavior that can cause alarm and sometimes irreparable harm. This course will introduce you to the types of training available to reduce the impact of the X-Factor, evaluate its effectiveness, explore the Security Education, Training and Awareness (SETA) program, and learn why it may fail. The course will conclude with information designed to assist you with some critical components for your business security program. Activities focused on hactivism, cyberinsurance, and ransomware will round out your knowledge base. Your team of instructors has prepared a series of readings, discussions, guest lectures, and quizzes to engage you in this exciting topic.

Revisiones

4.6 (101 calificaciones)

5 stars
73%
4 stars
21%
3 stars
2%
2 stars
1%
1 star
3%

PK

Feb 18, 2017

Very good content. It helped me learning more about the behaviour change models! Enjoyed it

ER

May 09, 2017

Terrific course for understanding the role the human ("X") factor plays in cyber security.

De la lección

Introduction to the X-Factor

The X-factor within information security is human behavior within and outside your organization. Our introduction includes an overview of information security management and its goals as well as describing the problem created by non-malicious insider behavior. We include discussion about the purpose of training within organizational cybersecurity efforts and whether it is achieving its purpose.

Course Overview video1:11

Security and Employee Compliance4:26

Industry Q&A: Security and End Users1:47

Pulling it together8:24

Impartido por:

Dr. Humayun Zafar
Associate Professor of Information Security and Assurance
Dr. Traci Carte
Associate Professor Chair, Information Systems
Herbert J. Mattord, Ph.D., CISM, CISSP, CDP
Associate Professor in Information Security and Assurance
Mr. Andy Green
Lecturer of Information Security and Assurance
Michael Whitman, Ph.D., CISM, CISSP
Professor of Information Security

Prueba el curso Gratis

Transcripción

A standing joke in cybersecurity circles is that it's easy to keep your data safe, just disconnect every computer from the internet. That might keep the data safe, but it would also make most systems useless. So, companies spend a lot of money on sophisticated technology like Firewalls, Encryption programs, and Real-time intrusion monitoring, just to name a few. They also hire highly experienced security professionals, and engage in security education training and awareness efforts with their employees, customers, and business partners. Security Education Training and Awareness, also known as SETA, is the fundamental task for security-focused organizations. These efforts provide critical information to employees to maintain or improve their current levels of security knowledge. The benefits of most SETA efforts include improving employee behavior, helping employees know where or how to report violations, and enabling organizations to hold employees accountable. For now, we're going to focus just on the effort to improve employee behavior. It's reported that over half of all information security breaches are either indirectly, or directly caused by employee's poor security behaviors. Some estimates are as high as 95 percent of successful breaches require one or more employees to become complicit with the hacker in some way. Let's stop and think about that. Security breaches might be initiated by some hacktivists or bad actor in a faraway land, but their success does not rely on the technical genius that they have so much as it relies on the corporate employees not following procedure. So how do organizations make sure that employees are aware of, and are complying with security policies? They roll out training that is often a boring, computer-based, voice-over PowerPoint annual event. In short, here are some things you can do to stay safe from phishing e-mails. One, never click on unexpected links or attachments. Compliance is expected because the training is mandated. There have been a number of academic studies focused on how and why security training is effective or ineffective. I am also fairly sure that many disgruntled security managers asked the same question. So, why is security training not as effective as organizations would like? First, we have to think about the underlying assumptions behind such training. Did the designers believe that the security rules are mostly being followed, and that they are simply reminding the users of the importance of continued compliance? Or are these annual training efforts intended to improve compliance? I already mentioned that SETA efforts are focused on improving employee behavior, but surely some of the employees are doing what they're supposed to do. To help answer this question, I asked a security manager to describe training effectiveness in his organization. He said, "No matter how well you train folks, it will never keep you 100 percent safe. Each year we perform two to three phishing training scenarios." Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in electronic communication. He continued, "We are normally 10 to 15 percent effective in harvesting. For an organization of 4,500-ish people, that's still about 450 usernames and passwords. Doing so has created 450 insider threats. Tax related phishing tests are the best." So, after annual training, this organization sends fake e-mails to their employees to see if anyone will send their log in information and even password. About 10 to 15 percent do just that. This is not an uncommon result.

Explora nuestro catálogo

Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.

Principales cursos en línea

IA para todos
Introducción a TensorFlow
Redes neurales y aprendizaje profundo
Algoritmos, parte 1
Algoritmos, parte 2
Aprendizaje Automático
Aprendizaje automático con Python
Aprendizaje automático con Sas Viya
Programación R
Introducción a la programación con Matlab
Análisis de datos con Python
Aspectos básicos de AWS: El paso a la nube nativa
Aspectos básicos de la plataforma en la nube de Google
Ingeniería de confiabilidad del sitio
Hablar inglés de manera profesional
La ciencia del bienestar
Aprendiendo a aprender
Mercados financieros
Prueba de hipótesis en el área de la salud pública
Aspectos básicos del liderazgo diario

Principales especializaciones en línea

Aprendizaje profundo
Python para todos
Ciencia de Datos
Ciencias de los Datos Aplicada con Python
Aspectos básicos de los negocios
Arquitectura con Google Cloud Platform
Ingeniería de datos en la plataforma en la nube de Google
Excel para MySQL
Aprendizaje automático avanzado
Matemática aplicada al aprendizaje automático
Automóviles de auto conducción
Revolución de la cadena de bloques para la empresa
Análisis comercial
Habilidades de Excel aplicadas para los negocios
mercadeo digital
Análisis estadístico con R para el área de la salud pública
Aspectos básicos de la inmunología
Anatomía
Gestión de la innovación y del pensamiento de diseño
Aspectos básicos de la psicología positiva

Certificados en linea

Soporte de TI de Google
Especialista en compromiso con el cliente de IBM
Ciencia de datos de IBM
Administrador de proyectos aplicado
Certificado profesional de IA aplicada de IBM
Aprendizaje automático para análisis
Análisis y visualización de datos espaciales
Gestión e ingeniería de construcción
Diseño instruccional

Programas de titulación en línea

Maestría en Ciencia de Datos
Licenciatura en Ciencias de la Computación
Títulos de Ciencias de la Computación e Ingeniería
Maestría en Aprendizaje Automático
Maestría en Administración de Empresas y títulos de estudios de negocios
Maestría en Ingeniería Eléctrica
Maestría en Salud Pública
Maestría en Tecnología de la Información

Coursera

About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus

Comunidad

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog

Más

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

Consíguelo en Google Play

© 2020 Coursera Inc. Todos los derechos reservados.