Non-technical controls
You might feel that your security countermeasures are sufficient to see off any attack, but one weakness that they can’t defend against is the behaviour of your users.
Is human fallibility a risk you have to accept? Not entirely, there are other controls you can take to limit this risk, here’s an overview:
What are some other security controls?
Here are ways to mitigate risks that aren’t of a technical nature:
- Adding clauses to employment contracts to create security awareness.
- Creating security operating procedures.
- Providing staff training.
- Carrying out communication campaigns.
It also helps to have the security team staff able to be approached for help and support. These measures add a further layer of defence on top of the technical and software controls covered before. These extra measures aim to raise awareness, in order to promote user behaviours and attitudes that further reduce the risk of attack.
Keeping up to date
Another control is making sure that your systems are up to date. You’ve seen why patching is so important, but it’s surprising how many organisations don’t have a robust approach to updating their systems. A patching policy should include how patch notifications from vendors should be analysed the critical ones that affect security are applied as soon as possible.
You’ve now explored different types of cyber attack and covered a range of controls and countermeasures you can use to protect your systems. But what do you think are the most common security threats?
Make a list a of the top security threats, and then move on to the next step where a QA cyber-security trainer is going to give you a rundown of the top ten.
In this course on malicious software, you will learn about the various types of malicious code in detail, contrast the different types before looking at look at the countermeasures used to combat them. You’ll also encounter non-technical controls and see the OWASP top 10 security threats.
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.