Security Awareness Training (SAT)

Security Awareness Training:
1. Every company has a legal obligation to provide regular Security Awareness Training.

Policy:
1. Understand the threat, manage the risk and eliminate the root cause.
2. Eliminate the need for application programs to be downloaded and patched.
3. Fully automate the patching of system software and stop all other patching.
4. Provide professional Business Message Services to replace public email services so business data cannot be leaked.
5. Use many single purpose computing devices rather than general purpose computers.
6. A computer used for email must not be used for browsing or any other purpose.
7. A computer used to process business data must not be used for email or browsing.
8. Re-image every computer back to factory settings every few months.

Action Plan:
1. Train people to identify email phishing attacks.
2. Train people to identify web surfing attacks.
3. Prevent data loss by email.
4. Eliminate malware being introduced.
5. Eliminate spam messages before they are processed.
6. Eliminate ransomware from being executed.
7. Eliminate data loss by attachment to wrong person.

Cyber War:
1. Training people at induction time only is not good enough - regular re-training is mandated.
2. Make a big example of those that get things wrong by misusing social media.

Phishing:
1. Train people to understand that the majority of messages (by phone or email) are phishing attacks.
2. Ensure that people who deal with phone calls and emails from the public do not have access to any business information that could be leaked.
3. Ensure that people who have access to business information do not need to deal with the public where they could leak some business information.

Ransomware:
1. Ransomware is growing and will keep on growing because companies are not eliminating the root cause.
2. The root cause is downloaded application programs - every application program has vulnerabilities that will be exploited by criminals.

Anti-Virus:
1. Anti-Virus is the classic confidence trick of deliberately creating and publicising a threat and then selling a solution to the threat.
2. It is in the interests of every anti-virus vendor to keep on creating viruses, trojans and other malware and then cleverly creating expensive solutions to discover such malware.
3. Where the origin of malware is eliminated by never downloading any application programs and never downloading any emails, then malware can never get to a computer and anti-virus is not needed.
4. Eliminate the root cause, rather than spending on more application programs to detect the malware downloaded with other application programs.

Email Attachment Leak:
1. Eliminate the threat of a data breach caused by attaching a business document to an email and sending it to the wrong "jane".
2. Stop using email services that are no longer fit for purpose and start using Business Message Services that are safe and can be expired after they are sent in error.

Document Control:
1. Document Title: Security Awareness Training.
2. Description: Security Awareness Training.
3. Keywords: Security Awareness Training.
4. Privacy: Shared with approved people for the benefit of humanity.
5. Edition: 1.2.
6. Issued: 24 Jan 2018.