Source |
ProofPoint |
Identifier |
8644790 |
Publication date |
2025-01-30 01:44:13 (viewed: 2025-01-30 14:08:09) |
Title |
DICE: An Evolution of the ACE Framework for Security Training |
Text |
Three years ago, Proofpoint published a brief that describes a three-phase methodology for building an effective security awareness and training (SA&T) program. It's called the ACE framework. The best time to use it is when you are building a robust, year-long curriculum that covers foundational cybersecurity topics.
In other words, the ACE framework is helpful for creating a proactive security awareness program, in the sense that it's designed to meet learners where they are and to advance their understanding of this complex domain.
However, the threat landscape is constantly evolving. Just in the past two years, we've seen a rise in QR code phishing and the abuse of chatbots and large language models (LLMs). We also know that our employees are knowingly taking risky actions. So, how do we cope with these more transient and near-term security challenges?
Our response is to evolve the ACE framework into what we refer to as the DICE framework. Here's what these two frameworks look like, how they relate to each other, and how to use them.
ACE framework basics
The ACE framework is a proactive approach to security training. Fundamentally, it has three phases:
Assess. At the start, your learners get familiar with the subject by doing quizzes, using simulations, and taking surveys.
Change Behavior. Interventions draw on learning principles from cognitive science. As such, they are meant both to increase a learner's understanding of security and to motivate them to take the right action when it is required.
Evaluate. In the final phase, you determine how effective the educational interventions have been.
Once these steps are completed, the loop restarts, because, let's be honest, cybersecurity education is never complete.
DICE: Taking the ACE framework to the next level
As we looked to evolve the ACE framework, we split up its first phase, Assess, into two distinct processes: Detect and Intervene.
Detect. This can mean detecting external threats or internal ones. Detecting external threats typically refers to those that target an individual, like a business email compromise (BEC) message, which is identified by Proofpoint Targeted Attack Protection. Detecting internal threats is often about identifying the behavior of an individual and deciding whether it is consistent with company policy (like reporting a phish) or inconsistent with it (like using an unapproved USB device). In the latter case, a data-loss prevention (DLP) violation will be triggered.
Intervene. Once a risky behavior has been detected, it is time to intervene. Ideally, an intervention happens at the time of the incident. For example, a teachable moment is displayed immediately after a learner fails a phishing simulation. Sometimes interventions happen a few days later; for example, a learner who fails a phishing simulation is automatically assigned anti-phishing training.
The last two steps of the DICE framework largely follow the same pattern as the ACE framework.
The evolution of the ACE framework into the DICE framework. The Assess phase is split into the Detect and Intervene processes. The Change Behavior and Evaluate phases remain largely analogous.
When to use DICE
The DICE framework is more reactive than ACE in the sense that it addresses security-related issues that are happening in the moment. Moreover, DICE nicely aligns with a human risk management (HRM) approach to cybersecurity because the educational experience is continuous and driven by what the learner needs to know.
What are the conditions under which the DICE framework is best applied? We recommend applying it when:
1. New threats are targeting your organization. In this case, you need to quickly bring people in your organization up to date with information that pertains to these types of attacks. You want to teach them:
What to look for
How to report it
The consequences for falling for an attack
2. Unsecure behaviors are detected. This might be through Proofpoint services or third-party integrations |
Tags |
Threat |