Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
en:it-security:blog:awareness [2023/11/09 14:20] – created psycoreen:it-security:blog:awareness [2024/08/02 12:33] (current) psycore
Line 1: Line 1:
 +~~NOTOC~~
 +{{tag>francais it-security blog awareness}}
 ====== The importance of awareness in IT security ====== ====== The importance of awareness in IT security ======
  
Line 4: Line 6:
  
 Phrases such as "it was the stupid user's fault" or "end users are just too stupid" are very common when it comes to IT security. However, this idea is fundamentally wrong. If users don't know things, the fault lies with IT security management. Phrases such as "it was the stupid user's fault" or "end users are just too stupid" are very common when it comes to IT security. However, this idea is fundamentally wrong. If users don't know things, the fault lies with IT security management.
 +
 +{{ it-security:blog:internet-3484137_640.jpg?400}}
  
 ===== Errors in IT security management ===== ===== Errors in IT security management =====
  
-A large focus is often placed on technical security solutions. High costs are incurred in order to integrate technically complex software into the company. Then you feel safe, but wake up one morning to find thatdespite all the technology, you have been [[it-security:glossary:b:breach|breached]].+A large focus is often placed on technical security solutions. High costs are incurred in order to integrate technically complex software into the company. Then you feel safe, but wake up one morning to find that despite all the technology, you have been compromised.
  
-==== What happened? ====+==== What has happened? ====
  
-Despite all the technical measures, the network was compromised. This was triggered by double-clicking on an ISO file that was sent as an attachment in an email. Windows integrated it and the malware was able to spread.+Despite all the technical measures, the network was compromised. The trigger was double-click on an ISO file that was sent as an attachment in an email. Windows integrated it and the malware was able to spread.
  
 === Old attack methods === === Old attack methods ===
Line 26: Line 30:
  
 ^ Technology ^ Process ^ People ^ ^ Technology ^ Process ^ People ^
-| [[it-security:glossary:e:edr|EDR]], [[it-security:glossary:s:soc|SOC]] | Guidelines, management systems | [[it-security:glossary:a:awareness|Awareness]] |+| [[wpde>Endpoint_Detection_and_Response|EDR]], [[wpde>Security_Operations_CenterSOC]] | Guidelines, management systems | Awareness |
  
 In our case, no emphasis was placed on awareness or sensitisation, as users are "stupid". This is a fatal misconception. "Stupid" and ignorant are fundamentally different things. In our case, no emphasis was placed on awareness or sensitisation, as users are "stupid". This is a fatal misconception. "Stupid" and ignorant are fundamentally different things.
Line 35: Line 39:
  
 However, awareness should also be situation-based. In the event of new threats, for example, rapid communication and education should take place in order to be able to react quickly to dangers. However, awareness should also be situation-based. In the event of new threats, for example, rapid communication and education should take place in order to be able to react quickly to dangers.
 +
 +----
 +[[https://pixabay.com/de/users/geralt-9301/?utm_source=link-attribution&utm_medium=referral&utm_campaign=image&utm_content=3484137|Grafik by Gerd Altmann]]