5.6 User Training


9 Terms

1

Security Awareness Training

Should be provided before users first connect to the network.

  • Often tailored to specific departments, since different roles have different security needs.

  • Should also extend to third parties like contractors or partners who access the network.

  • Keeping records of who has completed training ensures that everyone using the network has a basic understanding of IT security.

2

Policy/Handbooks

Should be clearly documented and made easily accessible to every user in the company.

  • Should be available online through the company’s intranet and also included in the employee ____book.

  • Ensures that all security requirements are consistently referenced and understood by all employees.

3

Situational Awareness

Constantly watching for threats during their work.

  • Includes being cautious of software attacks like suspicious email links, attachments, unusual URLs, or text messages.

  • Physical threats, such as unexpected USB drives sent in the mail or unlocked doors, also require vigilance.

  • If an official-looking envelope contains a USB drive, users should think carefully before connecting it to their computer.

4

Insider threat

Users can be strong defenders of a network, but they can also pose threats, which are often hard to detect.

  • Organizations need a multi-layered approach.

  • Critical system changes should require multiple approvals to prevent unauthorized actions.

  • Active file monitoring should be in place to alert the security team immediately if any important files are modified.

5

Password Management

Essential for user security and involves setting standards for strong passwords.

  • Often require passwords to meet specific criteria, such as minimum length and inclusion of complex characters.

  • Can be enforced administratively—for instance, in a Windows environment, group policies can be used to mandate password length and complexity.

6

Removable Media & Cables

Plugging in unknown USB drives can introduce malware into a system.

  • When users are away from the office or home, they should avoid using untrusted cables to charge mobile devices, as these could be compromised and pose security threats.

7

Social Engineering

Users should be trained to recognize common social techniques.

  • Users should understand how these attacks work, be able to identify when they are being targeted, and know how to promptly report any suspicious activity to the IT security team.

8

Operational Security

Understanding security from an attacker’s viewpoint.

  • Users handling large volumes of data should recognize which information is sensitive and apply extra protections to secure that data against potential threats.

9

Hybrid/Remote Work Environments

Introduces new security challenges.

  • Employees should never let family or friends use their work devices.

  • Additional endpoint security is often needed on these devices since they operate outside the office.

  • Enhanced security measures, such as stronger VPN protections, are important to safeguard connections when working from home or other remote locations.
