ch14 - Computer Security Principles and Practice Chapter 14...

Computer Security: Principles and Practice
First Edition
by William Stallings and Lawrie Brown
Lecture slides by Lawrie Brown
Chapter 14: Human Factors
2 Human Factors
- important, broad area
- consider a few key topics:
  - security awareness, training, and education
  - organizational security policy
  - personnel security
  - E-mail and Internet use policies
3 Security Awareness, Training, and Education
- prominent topic in various standards
- provides benefits in:
  - improving employee behavior
  - increasing employee accountability
  - mitigating liability for employee behavior
  - complying with regulations and contractual obligations
4 Learning Continuum
5 Awareness
- seeks to inform and focus an employee's attention on security issues
  - threats, vulnerabilities, impacts, responsibility
- must be tailored to organization's needs
- using a variety of means
  - events, promo materials, briefings, policy doc
- should have an employee security policy document
6 Training
- teaches what people should do and how they do it to securely perform IS tasks
- encompasses a spectrum covering:
  - general users
    - good computer security practices
  - programmers, developers, maintainers
    - security mindset, secure code development
  - managers
    - tradeoffs involving security risks, costs, benefits
  - executives
    - risk management goals, measurement, leadership
7 Education
- most in depth
- targeted at security professionals whose jobs require expertise in security
- more employee career development
- often provided by outside sources
  - college courses
  - specialized training programs
8 Organizational Security Policy
- "formal statement of rules by which people given access to organization's technology and information assets must abide"
- also used in other contexts

This note was uploaded on 02/05/2011 for the course CS 2105 taught by Professor Ana during the Fall '09 term at National University of Singapore.
