
The Human Element in Cyber Security
PSYCHOLOGY and TRAINING
The human element in cyber security

It is less about the deliberate criminal action of insiders than about innocent mistakes made by people who fail to apply basic controls, such as limiting permissions on cloud databases, or who fall prey to seemingly legitimate e-mails that fool them into clicking on malicious links.

The human element in cyber security

The human element in cyber security is crucial, and it involves both psychology and training. Understanding human behavior and psychology is essential for designing effective security measures. Training employees and users to recognize threats, practice good security habits, and stay vigilant is equally important to mitigate risk.

This includes phishing awareness, password management, and creating a security-conscious culture within organizations.
What can be done?

• The simplest approach is to educate end-users about the human element in cyber security. At work, employees need to be aware of the risk of clicking on links and emails from unknown senders or senders masquerading as a known source through techniques like address spoofing. And managers need to stress the importance of employee vigilance.
STATISTICS
Verizon's 2020 Data Breach Report ranked mis-delivery and
misconfiguration—inadvertent exposures of data caused by
human error—as the third and fourth most common causes
of breaches in 2020, respectively, up from sixth and eighth
places in 2015.
Human factors of cyber security have been behind some of the biggest data security breaches in recent memory.

[Chart: Cyberbreaches statistics; Category 1-4, Series 1-3]


Tuesday, February 2, 20XX Sample Footer Text
Simulated Attacks
IT organizations can go beyond education, though. By periodically
conducting simulated phishing attacks, they can pinpoint the most
vulnerable users and single them out for education.
Consider setting up a dedicated
internal email account, and invite
users to forward suspicious emails to
be checked before taking action
upon them.
Misconfiguration
Education is also needed to avoid
misconfiguration risks. Organizations
have eagerly embraced cloud platforms
to give users more control over their
computing needs, but many have not
provided sufficient training about the
shared responsibility model that is
common to most cloud platform
providers.



IT organizations can also work more closely with their
cloud providers to improve visibility into what users are
doing with their accounts. IT organizations can also take
the simple step of implementing multi-factor
authentication on cloud accounts so that precious data
isn't protected by an easily guessed password.

Investing in the right technology
Organizations should have an incident response plan in
place, so IT administrators and security professionals can
quickly bring resources to bear to mitigate the impact of an
attack once it begins. Likewise, consider learning more
about cyber risk monitoring services and how they can find
and report on the biggest gaps in a company's security,
including its employees.
Psychology plays a significant role in cyber security

• USER BEHAVIOR
• HUMAN ERROR
• COGNITIVE BIASES
• SOCIAL ENGINEERING
• PSYCHOLOGICAL RESILIENCE
TRAINING is a vital component of addressing the human element in cyber security. Here’s how training plays a crucial role:

PHISHING AWARENESS

Training programs educate users about the dangers of phishing emails and how to recognize them. This includes teaching them to scrutinize email content, sender information and URLs.



PASSWORD MANAGEMENT

Users are trained on creating strong passwords, using password managers and avoiding password-related pitfalls like password sharing or writing them down.



SECURITY POLICIES

Training reinforces organizational policies, ensuring that employees understand the rules and expectations for handling sensitive data, accessing company systems and using secure communication channels.



INCIDENT RESPONSE

Employees are trained on how to report security incidents promptly and correctly. This helps in quick identification and mitigation of potential threats.



SECURE COMMUNICATION

Training emphasizes the importance of secure communication methods, such as encrypted email and messaging, for protecting sensitive information.



CYBER HYGIENE

Users learn best practices for maintaining good cyber hygiene, such as keeping software up to date, avoiding suspicious downloads, and regularly backing up data.



SIMULATED ATTACKS

Organizations often conduct simulated phishing or cyber security exercises to test employees’ responses and further improve their training.



ROLE-SPECIFIC TRAINING

Different roles within an organization may require specialized training to address specific cyber security risks or compliance requirements.



CONTINUOUS LEARNING

Cyber threats evolve constantly, so ongoing training and awareness programs ensure that employees stay up to date with the latest security trends and best practices.



Summary

Training is a proactive measure that helps empower individuals to become the first line of defense against cyber threats, making them more aware, vigilant, and capable of safeguarding their organization’s digital assets.



Thank You
Presenter name:

1. JOSEPH FREY R. DIOCADES

2. ANGELA ALBERTO

3. ARNEL EMPERADO

ADVISER:

MR. MARK JOHN SALAO
