Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:it-security:blog:awareness [2023/12/02 23:23] psycoreen:it-security:blog:awareness [2024/08/02 12:33] (current) psycore
Line 1: Line 1:
 ~~NOTOC~~ ~~NOTOC~~
 +{{tag>francais it-security blog awareness}}
 ====== The importance of awareness in IT security ====== ====== The importance of awareness in IT security ======
  
 ===== Introduction ===== ===== Introduction =====
  
-{{ it-security:blog:internet-3484137_640.jpg?400}} Phrases such as "it was the stupid user's fault" or "end users are just too stupid" are very common when it comes to IT security. +Phrases such as "it was the stupid user's fault" or "end users are just too stupid" are very common when it comes to IT security. However, this idea is fundamentally wrong. If users don't know things, the fault lies with IT security management. 
-However, this idea is fundamentally wrong. If users don't know things, the fault lies with IT security management.+ 
 +{{ it-security:blog:internet-3484137_640.jpg?400}}
  
 ===== Errors in IT security management ===== ===== Errors in IT security management =====
  
-A large focus is often placed on technical security solutions. High costs are incurred in order to integrate technically complex software into the company. +A large focus is often placed on technical security solutions. High costs are incurred in order to integrate technically complex software into the company. Then you feel safe, but wake up one morning to find that despite all the technology, you have been compromised.
-Then you feel safe, but wake up one morning to find thatdespite all the technology, you have been hacked.+
  
-==== What happened? ====+==== What has happened? ====
  
-Despite all the technical measures, the network was compromised. This was triggered by double-clicking on an ISO file that was sent as an attachment in an email. +Despite all the technical measures, the network was compromised. The trigger was double-click on an ISO file that was sent as an attachment in an email. Windows integrated it and the malware was able to spread.
-Windows integrated it and the malware was able to spread.+
  
 === Old attack methods === === Old attack methods ===
Line 31: Line 30:
  
 ^ Technology ^ Process ^ People ^ ^ Technology ^ Process ^ People ^
-| EDR, SOC | Guidelines, management systems | Awareness |+| [[wpde>Endpoint_Detection_and_Response|EDR]][[wpde>Security_Operations_CenterSOC]] | Guidelines, management systems | Awareness |
  
 In our case, no emphasis was placed on awareness or sensitisation, as users are "stupid". This is a fatal misconception. "Stupid" and ignorant are fundamentally different things. In our case, no emphasis was placed on awareness or sensitisation, as users are "stupid". This is a fatal misconception. "Stupid" and ignorant are fundamentally different things.