1. Home
  2. Training Library
  3. Module 4 - Procedural and People Security Controls

Module 4 - Procedural and People Security Controls

Developed with
QA

Contents

keyboard_tab
Module 4 - Procedural and People Security Controls
2
People Security
PREVIEW8m 30s

The course is part of this learning path

play-arrow
Introduction to Procedural and People Security Controls
Overview
DifficultyBeginner
Duration37m
Students124
Ratings
5/5
starstarstarstarstar

Description

This course looks at ways in which the threats and vulnerabilities associated with the people who use IT systems can be mitigated. It highlights the important people security implications and how a security culture can be developed, then it investigates how user access controls can be effectively integrated with IT systems. Finally, it looks at the role of security training and awareness.

Learning Objectives

The objectives of this course are to provide you with and understanding of:

  • The people threats facing organizations and the importance of a security culture
  • Practical people controls, including employment contracts, service contracts, codes of conduct and acceptable use policies
  • Access controls, including authentication and authorization, passwords, tokens and biometrics
  • The importance of data ownership, privacy; access points, identification and authentication mechanisms, and information classification
  • How organizations can raise security awareness and the different approaches to deliver security-related training

Intended Audience

This course is ideal for members of information security management teams, IT managers, security and systems managers, information asset owners and employees with legal compliance responsibilities. It acts as a foundation for more advanced managerial or technical qualifications.

Prerequisites

There are no specific pre-requisites to study this course, however, a basic knowledge of IT, an understanding of the general principles of information technology security, and awareness of the issues involved with security control activity would be advantageous.

Feedback

We welcome all feedback and suggestions - please contact us at support@cloudacademy.com if you are unsure about where to start or if would like help getting started.

Transcript

Welcome to the Procedural and People Security Controls Learning Path.

 

Often the most vulnerable aspects of an IT system aren’t the most obvious ones. Typically, an organization protects its borders with firewalls, content checkers and intrusion prevention systems; workstations are protected with antivirus products and audit systems; and servers have integrity and backup solutions as well as access control systems and delegated rights for administrators.

 

However, all these systems are open to exploitation if the people using, administrating or relying on them don’t follow the correct procedures.

 

This Learning Path looks at ways in which the threats and vulnerabilities associated with the people who use IT systems can be mitigated.

 

It has three videos:

·        The first highlights the important people security implications and how a security culture can be developed;

·        The second video then investigates how user access controls can be effectively integrated with IT systems; and

·        And finally, the third video looks at the role of security training and awareness.

 

The videos are supported by quizzes for you to check your understanding as you work through them.

 

 

 

About the Author
Students821
Courses11
Learning paths2

Fred is a trainer and consultant specializing in cyber security.  His educational background is in physics, having a BSc and a couple of master’s degrees, one in astrophysics and the other in nuclear and particle physics.  However, most of his professional life has been spent in IT, covering a broad range of activities including system management, programming (originally in C but more recently Python, Ruby et al), database design and management as well as networking.  From networking it was a natural progression to IT security and cyber security more generally.  As well as having many professional credentials reflecting the breadth of his experience (including CASP, CISM and CCISO), he is a Certified Ethical Hacker and a GCHQ Certified Trainer for a number of cybersecurity courses, including CISMP, CISSP and GDPR Practitioner.