Personnel are often the weakest link in the security chain. In this video, Mike Chapple explains how cybersecurity professionals can improve personnel security through addressing policy violations, understanding the insider threat, and managing the use of
- [Instructor] Personnel are often the weakest link in the security chain. And personnel security should be an important part of the foundation of any cybersecurity program. In my Security+ Risk Management course, you'll learn about the importance of having strong security policies that clearly outline expectations for individual behavior, as well as the consequences for failing to comply with policy. Personnel security programs should be built upon educating employees about these policies and their individual roles in protecting the enterprise.
As you build your personnel security program, you should design explicit procedures that describe how you will handle violations of security policy. This is often a tricky situation that requires coordination between cybersecurity teams, managers throughout the organization, the legal team, and the human resources department. You should never approach an individual about a policy violation without first consulting with management. You might wind up causing more trouble than you expected.
One of the specific issues that you should address is the use of personal resources on company premises and with corporate data. You'll want to clearly identify whether it is appropriate to use personal computers, personal email or Cloud service accounts, and personal mobile devices for these purposes. If you allow the use of personal resources, you should have procedures for vetting those uses to ensure that they comply with security policies and remain in compliance over time. You'll also need to arm your staff with the knowledge that they need to protect themselves.
In my Security+ Threats, Attacks, and Vulnerabilities course, you learned all about the risks of social engineering. Education is the best preventative tool to protect your team from falling victim to these attacks. Finally, you have to remember that not every employee has your organization's best interests at heart. Insider attacks are a source of many very damaging security breaches. When someone violates your trust, the impact can be devastating.
Verizon recently released a report analyzing a year's worth of data breaches around the world, and they found that a quarter of all security breaches were the result of the insider threat. You can protect your organization from the insider threat by performing strong and consistent background checks of new employees. I'll talk more about those later in this course. You can also implement careful monitoring processes, provide managers with training to help them identify disgruntled employees and intervene before something bad happens, and you can deploy data loss prevention technology that watches for unauthorized data exfiltration.
Protecting against personnel security threats can be very tricky, but it is an important component of any cybersecurity program.
Looking for study partners?Join the CompTIA Security+ SY0-501 Exam study group
Earning the CompTIA Security+ certification can help kick-start your career in information security. This course—the second installment in a series readying you for version SY0-501 of the CompTIA Security+ exam—prepares you to tackle the Technologies and Tools domain. Instructor Mike Chapple—an IT leader with over 15 years of experience—covers key topics, including how to install network components that can help support enterprise security, leverage security and monitoring technologies, troubleshoot security issues, improve the security of mobile devices, and secure common protocols. Visit certmike.com to join one of his free study groups.
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- IP addresses
- Routers, switches, and bridges
- VPNs and VPN concentrators
- Network intrusion detection and prevention
- Managing secure networks
- Tuning and configuring SIEMs
- Troubleshooting digital certificates
- Personnel, host, and mobile device security
- Mobile device management and tracking
- Securing common protocols
Skill Level Beginner
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
1. TCP/IP Suite
2. Network Security Devices
3. Managing Secure Networks
4. Wireless Networking
5. Security and Monitoring Technologies
6. Security Assessment Tools
7. Security Troubleshooting
8. Personnel Security
9. Host Security
10. Mobile Device Security
11. Securing Protocols
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.