Non-technical controls

You might feel that your security countermeasures are sufficient to see off any attack, but one weakness that they can’t defend against is the behaviour of your users.

Is human fallibility a risk you have to accept? Not entirely, there are other controls you can take to limit this risk, here’s an overview:

What are some other security controls?

Here are ways to mitigate risks that aren’t of a technical nature:

• Adding clauses to employment contracts to create security awareness.
• Creating security operating procedures.
• Providing staff training.
• Carrying out communication campaigns.

It also helps to have the security team staff able to be approached for help and support. These measures add a further layer of defence on top of the technical and software controls covered before. These extra measures aim to raise awareness, in order to promote user behaviours and attitudes that further reduce the risk of attack.

Keeping up to date

Another control is making sure that your systems are up to date. You’ve seen why patching is so important, but it’s surprising how many organisations don’t have a robust approach to updating their systems. A patching policy should include how patch notifications from vendors should be analysed the critical ones that affect security are applied as soon as possible.

You’ve now explored different types of cyber attack and covered a range of controls and countermeasures you can use to protect your systems. But what do you think are the most common security threats?

Make a list a of the top security threats, and then move on to the next step where a QA cyber-security trainer is going to give you a rundown of the top ten.