exploit. With a hurricane, for example, you might choose to locate facilities outside of hurricane zones. If you know that facilities might lose power from a wide variety of threats, you can address the vulnerability of nonresilient power sources by installing backup generators.
As with vulnerabilities, I divide countermeasures into the following categories — these categories correspond to the implementation type of the countermeasure, not the vulnerability it addresses:
Technical countermeasure: Mitigates vulnerabilities by using technical tools. A software tool used to fix a technical flaw is a technical countermeasure. Multifactor authentication is a technical countermeasure that can mitigate an operational weakness of poor security awareness as demonstrated by users who don’t know not to divulge their passwords. Awareness messages embedded in screen savers are also technical countermeasures.
Physical countermeasure: Uses physical tools, such as reminder signs, to mitigate vulnerabilities.
Personnel countermeasure: Involves tools that address the human resources (HR) process, such as a security awareness presentation into new hire orientation.
Operational countermeasure: Addresses how work is performed, which may also include the identification of governance. This may include how to properly identify callers asking for protected information.
Part 2
Building a Security Awareness Program
IN THIS PART …
Create a strategy to communicate your message and measure results.
Tailor your program to your organization’s culture.
Choose program topics that consider business drivers and other factors that motivate users.
Pick the comunications tools that work best for the users you need to reach.
Integrate metrics that show how awareness benefits your organization.
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.
