SOLUTION BRIEF
Thinking in the Security Context
“
At least 78% of respondents indicated that their company had experienced a data security breach as a result of human negligence or maliciousness.” – The Human Factor in Data Protection report, The Ponemon Institute
Security Curious • Staff are taught to think about security in ALL interactions • Reports any and all anomalies no matter how small
Security Cynic • Doesn’t automatically trust • Questions all unknown sources • Often independently verifies “trusted” communications out of band • “Guilty until proven innocent”
What is Thinking in the Security Context? One of the biggest challenges organisations face as they strive to safeguard sensitive information is habituating employees to “thinking in the security context.” This mindset requires workers to be perpetually cognizant that every task they perform, from Internet downloads to paper recycling, has the potential to create corporate risk exposure if they are not careful.
Security Skeptic • Actively takes steps to safely validate potential threats (e.g., uses VirusTotal) • Looks for proof of non-malicious intent • Isn’t afraid to hit the “pause” button and escalate
Security Paranoid • Healthy connection to reality of today’s threats • Believes the security of their organisation depends solely on their vigilance • Has a “personal” sense of accountability for the organisation’s security posture • Has a very well-tuned “threat meter” • Keeps abreast of current threats, vulnerabilities and exploits • Recursively asks “What if” • Takes nothing at face value … ever!
Which Job Roles Require Security Awareness? All of them! The level of security awareness naturally varies according to job function, with IT professionals being generally more up to date on the most recent and malicious security threats and internal vulnerabilities, while non-IT staff may be wholly unaware of any risk at all. Cyber criminals rely on ignorance and negligence! Continued on next page
08-506 668 00 • LearningTree.se/Cyber2018