相關主題
商品描述
Gain greater compliance with corporate training by addressing the heart of the very awareness vs. compliance problem: people are human. People have incredible strengths and incredible weaknesses, and as a Information Security professional, you need to recognize and devise training strategies that take advantage of both. This concise book introduces two such strategies, which combined, can take a security awareness program to the next level of effectiveness, retention, compliance, and maturity.
Security policies and procedures are often times inconvenient, technically complex, and hard to understand. Advanced Persistent Training provides numerous tips from a wide range of disciplines to handle these especially difficult situations.
Many information security professionals are required by regulation or policy to provide security awareness training within the companies they work for, but many believe that the resulting low compliance with training does not outweigh the costs of delivering that training. There are also many who believe that this training is crucial, if only it could be more effective.
What you will learn:
- Present awareness materials all year-round in a way that people will really listen.
- Implement a "behavior-first" approach to teaching security awareness.
- Adopt to gamification the right way, even for people who hate games.
- Use tips from security awareness leaders addressing the same problems you face.
Who is this book for
Security awareness professionals or IT Security professionals who are tasked with teaching security awareness within their organization.
商品描述(中文翻譯)
提升企業培訓的遵循度,需針對意識與遵循問題的核心進行處理:人是人。人擁有驚人的優勢和驚人的弱點,作為資訊安全專業人士,您需要認識到這一點並制定利用這兩者的培訓策略。本書簡明扼要地介紹了兩種策略,這兩者結合起來,可以將安全意識計劃提升到更高的有效性、保留率、遵循度和成熟度。
安全政策和程序往往不方便、技術上複雜且難以理解。《進階持續培訓》(Advanced Persistent Training)提供了來自各種領域的眾多建議,以應對這些特別困難的情況。
許多資訊安全專業人士因法規或政策要求,在其工作公司內提供安全意識培訓,但許多人認為,培訓的低遵循度並不值得付出這些培訓的成本。也有許多人認為這種培訓至關重要,只要它能更有效。
您將學到的內容:
- 全年以人們真正會聆聽的方式呈現意識材料。
- 實施「行為優先」的方法來教授安全意識。
- 以正確的方式採用遊戲化,即使對於討厭遊戲的人。
- 使用安全意識領導者提供的建議,解決您面臨的相同問題。
本書適合對象:
負責在其組織內教授安全意識的安全意識專業人士或資訊安全專業人士。
