One Article Review

The article:
Source NoticeBored
Identifier 430861
Publication date 2017-11-10 16:37:41 (seen: 2017-11-10 16:37:41)
Title NBlog November 10 - one step at a time
Text This colorful image popped onto my screen as I searched our stash of security awareness content for social engineering-related graphics. It's a simple but striking visual expression of the concept that security awareness is not the ultimate goal, but an important step on the way towards achieving a positive outcome for the organization. A major part of the art of raising awareness in any area is actively engaging with people in such a way that they think and behave differently as a result of the awareness activities. For some people, providing cold, hard, factual information may be all it takes, which even the most basic awareness programs aim to do. That's not enough for the majority though: most of us need things to be explained to us in terms that resonate and motivate us to respond in some fashion. In physical terms, we need to overcome inertia. In biology, we need to break bad habits to form better ones.

Social engineering is a particular challenge for awareness since scammers, fraudsters and other social engineers actively exploit our lack of awareness or (if that fails) subvert the very security mechanisms we put in place. "Your password has expired: pick a new one now to avoid losing access to your account!" is a classic example used by many a phisher. It hinges on tricking victims into accepting the premise (password expired) at face value and taking the easy option, clicking a link that leads them to the phisher's lair while thinking they are going to a legitimate password-change function. Our raising awareness of the need to choose strong passwords may be counterproductive if employees unwittingly associate phishing messages with user authentication and security!

Part of our awareness approach in December's NoticeBored materials on social engineering will be to hook-in to our natural tendency to notice something amiss, something strange and different. Humans are strong at spotting patterns at a subconscious level. For instance, did you even notice the gradation from red to green on the ladder image? That was a deliberate choice in designing the image, a fairly crude and obvious example ... once it has been pointed out anyway! See if you can spot the other, more subtle visual cues (and by all means email me to see what you missed!).
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.

The article does not appear to have been picked up from a previous one.