A security culture protects

In September 2021, an article was shared by the BBC with the headline ‘Fraudsters steal £4m a day as crime surges’.

Digital and phone-based impersonation scams were shown to have risen 123% from the previous year, and push payments (when victims think they’re paying a genuine organisation) rose by 71%. It’s clear that we’re living in an era where our online security needs to be more robust than ever, and we can do our part by following procedures outlined by experts such as the National Cyber Security Centre (NCSC).

The online threat

Figure 1: Online threat

Basic diagram showing elements of the online threat affecting the user: Phishing, Pretext and Malware which the user risks when using phone, laptop or tablet.

Let’s look at the inherent threat posed by an individual’s online presence. Most people are online at home and at work. Not only does that mean their personal and sensitive information is at risk, but it also means that confidential organisation information could be at risk if they don’t remain vigilant and follow the correct procedures. 

Social engineering describes how hackers use deception to manipulate individuals into divulging confidential or personal information which they’ll use for fraudulent purposes. They might adopt what’s known as a pretext, which is pretending to be somebody they’re not to convince the end-user to give them vital clues which enable them to gain access to the system they’re targeting.  

In order to counter this threat, the information security officer needs to publicise corporate policies that encourage a culture of security, and senior management support is essential to reinforce this. In addition, a ‘security mindset’ needs to be engendered in every individual who works in and for the organisation, with regular procedural updates and refresher items shared. ‘If you see something then say something’ should be a company motto.

What's next?

Next up, you’re going to take a closer look at threats and vulnerabilities associated with people. Human error is inevitable, but what can be put in place to support it?

Difficulty: Beginner
Duration: 45m
Description

Procedural and people security is a key part of Information Assurance. Threats are not only external; they may also originate with or involve staff/ex-staff members. Therefore, it’s essential that all staff follow correct policies and procedures so they foster an appropriate security culture.

About the Author

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.