In addition to understanding how strong security habits can improve information security, users should also understand how attackers target users to undermine an organization’s security. In this video, learn about common user-based threats that may be combatted with strong security awareness and training programs. These include advanced persistent threats (APTs), zero-days, new viruses, and phishing attacks.
- [Instructor] In addition to understanding how strong security habits can improve information security, users should also understand how attackers target users to undermine an organization's security. Security education programs should include coverage of user-based security threats. Phishing is one of the most common user-based threats facing organizations. In a phishing attack, attackers send legitimate-looking messages to end users, seeking to get them to disclose sensitive information or perform another action that undermines security.
These messages can appear very realistic, using corporate logos and terminology. The example phishing message shown here was used to impersonate Citibank. While phishing uses messages targeted at end users, it's only one example of a category of attacks known as social engineering. In social engineering, attackers attempt to manipulate individuals into undermining security. Security awareness efforts should inform users that social engineering isn't limited to email and that they should be wary of suspicious requests…
To join one of Mike's free study groups for access to bonus tips and practice questions, visit certmike.com.
- The security triad: confidentiality, integrity, and availability
- Security principles
- Resource security
- Data security
- Security controls
- Assessing security controls
- Security policy
- Physical security
Skill Level: Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover software licensing. In addition, the following topics were updated: integrity, leveraging industry standards, data encryption, security control selection and implementation, audits and assessments, security policy framework, security policy training and procedures, and ethics.
1. The Security Triad
2. Security Principles
3. Resource Security
4. Data Security
5. Data Security Controls
6. Security Controls
Control frameworks (3m 55s)
7. Assessing Security Controls
8. Security Policy
9. Awareness and Training
10. Physical Security