Market Research Report

Humanize the Security Awareness and Training Program

Publisher: Info-Tech Research Group. Product code: 603298
Publication date: February 14, 2017. Content: English, 103 Pages
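Overview

This report helps you select the end-user groups that need training, outlines the training modules that are most needed, and supports the work of deciding how and when to deliver the program. Info-Tech provides simple, customizable materials and, through regularly updated and rich customer-relevant information, creates training modules that can be applied repeatedly.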

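Benefits of this research report

  • Determine the maturity of the training currently in place and identify the topics that need to be added to it.
  • Develop a training program that raises end users' security awareness, using Info-Tech Research Group's extensive materials.
  • Ensure the training program complies with regulation and industry best practices.
  • Create a reporting and evaluation system to enable an agile training methodology.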

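The Info-Tech training program provides the following convenient tools and templates.

  • Security Training Program Manual (.doc)
  • Security Culture Maturity Assessment and Content Development Tool (.xlsx)
  • End-User Security Knowledge Test Template (.doc)
  • End-User Security Knowledge Test Tool (.xlsx)
  • Group Risk and Vulnerability Assessment Tool (.xlsx)
  • Security Awareness and Training End-User Feedback Template (.doc)
  • Security Awareness and Training Gamification Guide (.doc)
  • Security Awareness and Training Roadmap Tool and Participant Tracker (.xlsx)
  • Information Security Awareness and Training Policy (.doc)
  • End-User Security Job Description Template (.doc)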

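Summary

Insight

  • 1. Current security training is not producing educational results; instead it causes information fatigue in users, who cannot absorb the knowledge they need.
  • 2. By raising security as a personal and individualized issue, you increase interest in the problem and cultivate security awareness across the organization, which in turn provides the momentum to implement the training program.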

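Situation

  • The cybersecurity landscape changes rapidly, so security training and security awareness programs need frequent updating and improvement.
  • Cyberattackers still target end users, currently the weakest point in organizational security.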

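Complicating factors

  • Training programs aimed at building security awareness often fail to get end users to participate actively, which leaves the program at a low level of knowledge.
  • Inappropriate or outdated training content cannot properly prepare end users to successfully defend the organization against security threats.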

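Resolution

  • Build a training program that delivers narrowly scoped information more frequently, reducing effort and end-user training fatigue and improving the relevance of the training content.
  • Continuously evaluate and improve the security awareness and training program to keep the training content current. Use end-user feedback to ensure that trainees receive meaningful content.
  • Teach end users how to recognize current cyberattacks before harm occurs, so that they respond actively to cyberattacks.
  • Use Info-Tech's training program and materials to build a customized training program that applies best practices.

Table of Contents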
Product Code: 76236

The cybersecurity landscape is changing faster than ever; can your organization keep up?

When building a security culture, organizations have traditionally focused on annual training that addresses all security threats and best practices. It was meant to cause the least friction for end users and show compliance with training requirements. However, as threats continue to evolve, this approach has become largely ineffective in ensuring that users are equipped with the correct knowledge to act securely.

The solution to this problem? Microlearning. This learning methodology consists of short, engaging, and highly effective training modules, and will allow companies to reduce training fatigue and increase engagement. It is no longer just the organization that is affected by cybersecurity. The growing personal exposure to technology has increased individual risk, making the organization's security training more relevant and important to end users.

Over 95% of all security incidents investigated recognized human error as a contributing factor.

50% of organizations' worst breaches were the result of inadvertent human error.

This research is designed for:

  • CISOs and security managers looking to introduce or improve their awareness and training program.
  • CIOs and IT managers looking to introduce or improve their awareness and training program.

This research will help you:

  • Determine your current training maturity level and identify the topics to cover in your training.
  • Improve your end users' security awareness through training developed using Info-Tech Research Group's extensive materials.
  • Ensure your training program is compliant with regulation and industry best practices.
  • Create a reporting and evaluation system to enable an agile training methodology.

Many employees have access to system networks that in turn can access confidential and sensitive information. It is important to educate these users on the best practices needed for them to protect both themselves and the organization from any potential threats or attacks.

Intruders are becoming more sophisticated and are using highly targeted social engineering attacks that are difficult to defend against. If you don't have a current security awareness and training program, it is time to join the 72% of large organizations and 68% of small organizations that conduct security training on an ongoing basis.

Info-Tech's training program manual will help you select which group of end users needs training, outline what training modules are needed, determine how to deliver it, and determine when to deliver it.

Info-Tech will provide easily customizable materials that will be regularly updated to ensure you have the relevant information to keep iterating your training modules.

The blueprint is accompanied by easy-to-use tools and templates, including:

  • Security Training Program Manual (.doc)
  • Security Culture Maturity Assessment and Content Development Tool (.xlsx)
  • End-User Security Knowledge Test Template (.doc)
  • End-User Security Knowledge Test Tool (.xlsx)
  • Group Risk and Vulnerability Assessment Tool (.xlsx)
  • Security Awareness and Training End-User Feedback Template (.doc)
  • Security Awareness and Training Gamification Guide (.doc)
  • Security Awareness and Training Roadmap Tool and Participant Tracker (.xlsx)
  • Information Security Awareness and Training Policy (.doc)
  • End-User Security Job Description Template (.doc)

Executive Summary

Insight:

  • 1. Your security training is not creating education, it's creating information fatigue and therefore is not getting absorbed.
  • 2. By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

Situation:

  • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
  • Cyberattackers target your end users, who remain today's weakest link in organizational security.

Complication:

  • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
  • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

Resolution:

  • Create a training program that delivers smaller portions of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
  • Evaluate and improve your security awareness and training program continuously to keep its content up to date. Leverage end-user feedback to ensure content remains relevant to those who receive it.
  • Teach end users how to recognize current cyberattacks before they fall victim, and turn them into active barriers against cyberattacks.
  • Use Info-Tech's blueprint and materials to build a customized training program that utilizes best practices.