Cybersecurity All-in-One For Dummies

Over 700 pages of insight into all things cybersecurity

Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems―and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.

  • Explore the basics of cybersecurity at home and in business
  • Learn how to secure your devices, data, and cloud-based assets
  • Test your security to find holes and vulnerabilities before hackers do
  • Create a culture of cybersecurity throughout an entire organization

This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.

Author(s): Joseph Steinberg, Kevin Beaver, Ira Winkler, Ted Coombs
Edition: 1
Publisher: For Dummies
Year: 2023

Language: English
Pages: 720
Tags: cybersecurity

Title Page
Copyright Page
Table of Contents
Introduction
About This Book
Foolish Assumptions
Icons Used in This Book
Beyond the Book
Where to Go from Here
1 Cybersecurity Basics
Chapter 1 What Exactly Is Cybersecurity?
Cybersecurity Means Different Things to Different Folks
Cybersecurity Is a Constantly Moving Target
Technological changes
Digital data
The Internet
Cryptocurrency
Mobile workforces and ubiquitous access
Smart devices
Big data
The COVID-19 pandemic
Social shifts
Economic model shifts
Political shifts
Data collection
Election interference
Hacktivism
Greater freedom
Sanctions
New balances of power
Looking at the Risks Cybersecurity Mitigates
The goal of cybersecurity: The CIA Triad
From a human perspective
Chapter 2 Getting to Know Common Cyberattacks
Attacks That Inflict Damage
Denial-of-service (DoS) attacks
Distributed denial-of-service (DDoS) attacks
Botnets and zombies
Data destruction attacks
Is That Really You? Impersonation
Phishing
Spear phishing
CEO fraud
Smishing
Vishing
Pharming
Whaling: Going for the “big fish”
Messing around with Other People’s Stuff: Tampering
Captured in Transit: Interception
Man-in-the-middle attacks
Taking What Isn’t Theirs: Data Theft
Personal data theft
Business data theft
Data exfiltration
Compromised credentials
Forced policy violations
Cyberbombs That Sneak into Your Devices: Malware
Viruses
Worms
Trojans
Ransomware
Scareware
Spyware
Cryptocurrency miners
Adware
Blended malware
Zero-day malware
Fake malware on computers
Fake malware on mobile devices
Fake security subscription renewal notifications
Poisoned Web Service Attacks
Network Infrastructure Poisoning
Malvertising
Drive-by downloads
Stealing passwords
Exploiting Maintenance Difficulties
Advanced Attacks
Opportunistic attacks
Targeted attacks
Blended (opportunistic and targeted) attacks
Some Technical Attack Techniques
Rootkits
Brute-force attacks
Injection attacks
Cross-site scripting
SQL injection
Session hijacking
Malformed URL attacks
Buffer overflow attacks
Chapter 3 The Bad Guys You Must Defend Against
Bad Guys and Good Guys Are Relative Terms
Bad Guys Up to No Good
Script kiddies
Kids who are not kiddies
Terrorists and other rogue groups
Nations and states
Corporate spies
Criminals
Hacktivists
Terrorists
Rogue insiders
Cyberattackers and Their Colored Hats
How Cybercriminals Monetize Their Actions
Direct financial fraud
Indirect financial fraud
Profiting off illegal trading of securities
Stealing credit card, debit card, and other payment-related information
Stealing goods
Stealing data
Ransomware
Cryptominers
Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats
Human error
Humans: The Achilles’ heel of cybersecurity
Social engineering
External disasters
Natural disasters
Pandemics
Environmental problems caused by humans
Cyberwarriors and cyberspies
The impotent Fair Credit Reporting Act
Expunged records are no longer really expunged
Social Security numbers
Social media platforms
Google’s all-knowing computers
Mobile device location tracking
Defending against These Attackers
2 Personal Cybersecurity
Chapter 1 Evaluating Your Current Cybersecurity Posture
Don’t be Achilles: Identifying Ways You May Be Less than Secure
Your home computer(s)
Your mobile devices
Your Internet of Things (IoT) devices
Your networking equipment
Your work environment
Identifying Risks
Protecting against Risks
Perimeter defense
Firewall/router
Security software
Your physical computer(s) and any other endpoints
Backups
Detecting
Responding
Recovering
Improving
Evaluating Your Current Security Measures
Software
Hardware
Insurance
Education
Privacy 101
Think before you share
Think before you post
General privacy tips
Banking Online Safely
Safely Using Smart Devices
Cryptocurrency Security 101
Chapter 2 Enhancing Physical Security
Understanding Why Physical Security Matters
Taking Inventory
Stationary devices
Mobile devices
Locating Your Vulnerable Data
Creating and Executing a Physical Security Plan
Implementing Physical Security
Security for Mobile Devices
Realizing That Insiders Pose the Greatest Risks
Chapter 3 Cybersecurity Considerations When Working from Home
Network Security Concerns
Device Security Concerns
Location Cybersecurity
Shoulder surfing
Eavesdropping
Theft
Human errors
Video Conferencing Cybersecurity
Keep private stuff out of camera view
Keep video conferences secure from unauthorized visitors
Social Engineering Issues
Regulatory Issues
Chapter 4 Securing Your Accounts
Realizing You’re a Target
Securing Your External Accounts
Securing Data Associated with User Accounts
Conduct business with reputable parties
Use official apps and websites
Don’t install software from untrusted parties
Don’t root your phone
Don’t provide unnecessary sensitive information
Use payment services that eliminate the need to share credit card numbers
Use one-time, virtual credit card numbers when appropriate
Monitor your accounts
Report suspicious activity ASAP
Employ a proper password strategy
Utilize multifactor authentication
Log out when you’re finished
Use your own computer or phone
Lock your computer
Use a separate, dedicated computer for sensitive tasks
Use a separate, dedicated browser for sensitive web-based tasks
Secure your access devices
Keep your devices up to date
Don’t perform sensitive tasks over public Wi-Fi
Never use public Wi-Fi in high-risk places
Access your accounts only in safe locations
Use appropriate devices
Set appropriate limits
Use alerts
Periodically check access device lists
Check last login info
Respond appropriately to any fraud alerts
Never send sensitive information over an unencrypted connection
Beware of social engineering attacks
Establish voice login passwords
Protect your cellphone number
Don’t click on links in emails or text messages
Securing Data with Parties You’ve Interacted With
Securing Data at Parties You Haven’t Interacted With
Securing Data by Not Connecting Hardware with Unknown Pedigrees
Chapter 5 Passwords
Passwords: The Primary Form of Authentication
Avoiding Simplistic Passwords
Password Considerations
Easily guessable personal passwords
Complicated passwords aren’t always better
Different levels of sensitivity
Your most sensitive passwords may not be the ones you think
You can reuse passwords — sometimes
Consider using a password manager
Creating Memorable, Strong Passwords
Knowing When to Change Passwords
Changing Passwords after a Breach
Providing Passwords to Humans
Storing Passwords
Storing passwords for your heirs
Storing general passwords
Transmitting Passwords
Discovering Alternatives to Passwords
Biometric authentication
SMS-based authentication
App-based one-time passwords
Hardware token authentication
USB-based authentication
Chapter 6 Preventing Social Engineering Attacks
Don’t Trust Technology More than You Would People
Types of Social Engineering Attacks
Six Principles Social Engineers Exploit
Don’t Overshare on Social Media
Your schedule and travel plans
Financial information
Personal information
Information about your children
Information about your pets
Work information
Possible cybersecurity issues
Crimes and minor infractions
Medical or legal advice
Your location
Your birthday
Your “sins”
Leaking Data by Sharing Information as Part of Viral Trends
Identifying Fake Social Media Connections
Photo
Verification
Friends or connections in common
Relevant posts
Number of connections
Industry and location
Similar people
Duplicate contact
Contact details
Premium status
LinkedIn endorsements
Group activity
Appropriate levels of relative usage
Human activities
Cliché names
Poor contact information
Skill sets
Spelling
Age of an account
Suspicious career or life path
Level or celebrity status
Using Bogus Information
Using Security Software
General Cyberhygiene Can Help Prevent Social Engineering
3 Securing a Business
Chapter 1 Securing Your Small Business
Making Sure Someone Is In Charge
Watching Out for Employees
Incentivize employees
Avoid giving out the keys to the castle
Give everyone separate credentials
Restrict administrators
Limit access to corporate accounts
Implement employee policies
Enforce social media policies
Monitor employees
Dealing with a Remote Workforce
Use work devices and separate work networks
Set up virtual private networks
Create standardized communication protocols
Use a known network
Determine how backups are handled
Be careful where you work remotely
Be extra vigilant regarding social engineering
Considering Cybersecurity Insurance
Complying with Regulations and Compliance
Protecting employee data
PCI DSS
Breach disclosure laws
GDPR
HIPAA
Biometric data
Anti-money laundering laws
International sanctions
Handling Internet Access
Segregate Internet access for personal devices
Create bring your own device (BYOD) policies
Properly handle inbound access
Protect against denial-of-service attacks
Use https
Use a VPN
Run penetration tests
Be careful with IoT devices
Use multiple network segments
Be careful with payment cards
Managing Power Issues
Chapter 2 Cybersecurity and Big Businesses
Utilizing Technological Complexity
Managing Custom Systems
Continuity Planning and Disaster Recovery
Looking at Regulations
Sarbanes Oxley
Stricter PCI requirements
Public company data disclosure rules
Breach disclosures
Industry-specific regulators and rules
Fiduciary responsibilities
Deep pockets
Deeper Pockets — and Insured
Considering Employees, Consultants, and Partners
Dealing with internal politics
Offering information security training
Replicated environments
Looking at the Chief Information Security Officer’s Role
Overall security program management
Test and measurement of the security program
Human risk management
Information asset classification and control
Security operations
Information security strategy
Identity and access management
Data loss prevention
Fraud prevention
Incident response plan
Disaster recovery and business continuity planning
Compliance
Investigations
Physical security
Security architecture
Geopolitical risks
Ensuring auditability of system administrators
Cybersecurity insurance compliance
Chapter 3 Identifying a Security Breach
Identifying Overt Breaches
Ransomware
Defacement
Claimed destruction
Detecting Covert Breaches
Your device seems slower than before
Your Task Manager doesn’t run
Your Registry Editor doesn’t run
Your device starts suffering from latency issues
Your device starts suffering from communication and buffering issues
Your device’s settings have changed
Your device is sending or receiving strange email messages
Your device is sending or receiving strange text messages
New software (including apps) is installed on your device — and you didn’t install it
Your device’s battery seems to drain more quickly than before
Your device seems to run hotter than before
File contents have been changed
Files are missing
Websites appear different than before
Your Internet settings show a proxy, and you never set one up
Some programs (or apps) stop working properly
Security programs have turned off
An increased use of data or text messaging (SMS)
Increased network traffic
Unusual open ports
Your device starts crashing
Your cellphone bill shows unexpected charges up to here
Unknown programs request access
External devices power on unexpectedly
Your device acts as if someone else were using it
New browser search engine default
Your device password has changed
Pop-ups start appearing
New browser add-ons appear
New browser home page
Your email from the device is getting blocked by spam filters
Your device is attempting to access “bad” sites
You’re experiencing unusual service disruptions
Your device’s language settings changed
You see unexplained activity on the device
You see unexplained online activity
Your device suddenly restarts
You see signs of data breaches and/or leaks
You are routed to the wrong website
Your hard drive or SSD light never seems to turn off
Other abnormal things happen
Chapter 4 Recovering from a Security Breach
An Ounce of Prevention Is Worth Many Tons of Response
Stay Calm and Act Now with Wisdom
Bring in a Pro
Recovering from a Breach without a Pro’s Help
Step 1: Figure out what happened or is happening
Step 2: Contain the attack
Step 3: Terminate and eliminate the attack
Boot the computer from a security software boot disk
Back up
Delete junk (optional)
Run security software
Reinstall Damaged Software
Restart the system and run an updated security scan
Erase all potentially problematic System Restore points
Restore modified settings
Rebuild the system
Dealing with Stolen Information
Paying ransoms
Consult a cybersecurity expert
Consult a lawyer
Learning for the future
Recovering When Your Data Is Compromised at a Third Party
Reason the notice was sent
Scams
Passwords
Payment card information
Government-issued documents
School or employer-issued documents
Social media accounts
Chapter 5 Backing Up
Backing Up Is a Must
Backing Up Data from Apps and Online Accounts
SMS texts
Social media
WhatsApp
Google Photos
Other apps
Backing Up Data on Smartphones
Android
Automatic backups
Manual backups
Apple
Backing up to iCloud
Backing up using iTunes
Conducting Cryptocurrency Backups
Backing Up Passwords
Looking at the Different Types of Backups
Full backups of systems
Original system images
Later system images
Original installation media
Downloaded software
Full backups of data
Incremental backups
Differential backups
Mixed backups
Continuous backups
Partial backups
Folder backups
Drive backups
Virtual drive backups
Exclusions
In-app backups
Figuring Out How Often You Should Backup
Exploring Backup Tools
Backup software
Drive-specific backup software
Windows Backup
Smartphone/tablet backup
Manual file or folder copying backups
Automated task file or folder copying backups
Creating a Boot Disk
Knowing Where to Back Up
Local storage
Offsite storage
Cloud
Network storage
Mixing locations
Knowing Where Not to Store Backups
Encrypting Backups
Testing Backups
Disposing of Backups
Chapter 6 Resetting Your Device
Exploring Two Types of Resets
Soft resets
Older devices
Windows computers
Mac computers
Android devices
iPhones
Hard resets
Resetting a Windows device
Resetting a modern Android device
Resetting a Mac
Resetting an iPhone
Rebuilding Your Device after a Hard Reset
Chapter 7 Restoring from Backups
You Will Need to Restore
Wait! Do Not Restore Yet!
Restoring Data to Apps
Restoring from Full Backups of Systems
Restoring to the computing device that was originally backed up
Restoring to a different device than the one that was originally backed up
Original system images
Later system images
Installing security software
Original installation media
Downloaded software
Restoring from full backups of data
Restoring from Incremental Backups
Incremental backups of data
Incremental backups of systems
Differential backups
Continuous backups
Partial backups
Folder backups
Drive backups
Virtual-drive backups
Restoring the entire virtual drive
Restoring files and/or folders from the virtual drive
Dealing with Deletions
Excluding Files and Folders
Understanding Archives
Multiple files stored within one file
Old live data
Old versions of files, folders, or backups
Restoring Using Backup Tools
Restoring from a Windows backup
Restoring to a system restore point
Restoring from a smartphone/tablet backup
Restoring from manual file or folder copying backups
Utilizing third-party backups of data hosted at third parties
Returning Backups to Their Proper Locations
Network storage
Restoring from a combination of locations
Restoring to Non-Original Locations
Never Leave Your Backups Connected
Restoring from Encrypted Backups
Testing Backups
Restoring Cryptocurrency
Booting from a Boot Disk
4 Securing the Cloud
Chapter 1 Clouds Aren’t Bulletproof
Knowing Your Business
Discovering the company jewels
Initiating your plan
Automating the discovery process
AWS Discovery Service
Google Cloud Discovery Service
Knowing Your SLA Agreements with Service Providers
Where is the security?
Knowing your part
Building Your Team
Finding the right people
Including stakeholders
Creating a Risk Management Plan
Identifying the risks
Assessing the consequences of disaster
Pointing fingers at the right people
Disaster planning
When Security Is Your Responsibility
Determining which assets to protect
Using an automation tool
Letting ITAM help you comply
Applications designed to manage and protect your company’s assets
Knowing your possible threat level
Van Gogh with it (paint a picture of your scenario)
Setting up a risk assessment database
Confidential data loss
Integrity loss
Data access loss
Avoiding Security Work with the Help of the Cloud
Having someone else ensure physical security
Making sure providers have controls to separate customer data
Recognizing that cloud service providers can offer better security
Chapter 2 Getting Down to Business
Negotiating the Shared Responsibility Model
Coloring inside the lines
Learning what to expect from a data center
Taking responsibility for your 75 percent
SaaS, PaaS, IaaS, AaaA!
SaaS
SaaS security
PaaS
PaaS security
IaaS
IaaS security
FaaS
SaaS, PaaS, IaaS, FaaS responsibilities
Managing Your Environment
Restricting access
Assessing supply chain risk
Managing virtual devices
Application auditing
Managing Security for Devices Not Under Your Control
Inventorying devices
Using a CASB solution
Applying Security Patches
Looking Ahead
Chapter 3 Developing Secure Software
Turbocharging Development
No more waterfalls
CI/CD: Continuous integration/continuous delivery
Shifting left and adding security in development
Tackling security sooner rather than later
Putting security controls in place first
Circling back
Implementing DevSecOps
Automating Testing during Development
Using static and dynamic code analysis
Taking steps in automation
Leveraging software composition analysis
Security holes in open-source code
Dependency tracking
Security holes and how to plug them
Proving the job has been done right
Logging and monitoring
Ensuring data accountability, data assurance, and data dependability
Running Your Applications
Taking advantage of cloud agnostic integration
Recognizing the down sides of cloud agnostic development
Getting started down the cloud agnostic path
Like DevOps but for Data
Testing, 1-2-3
Is this thing working?
Working well with others
Baking in trust
DevSecOps for DataOps
Considering data security
Ending data siloes
Developing your data store
Meeting the Challenges of DataSecOps
Understanding That No Cloud Is Perfect
Chapter 4 Restricting Access
Determining the Level of Access Required
Catching flies with honey
Determining roles
Auditing user requirements
Understanding Least Privilege Policy
Granting just-in-time privileges
The need-to-know strategy
Granting access to trusted employees
Restricting access to contractors
Implementing Authentication
Multifactor authentication (Or, who’s calling me now?)
Authenticating with API keys
Using Firebase authentication
Employing OAuth
Google and Facebook authentication methods
Introducing the Alphabet Soup of Compliance
Global compliance
Complying with PCI
Complying with GDPR
HIPAA compliance
Government compliance
Compliance in general
Maintaining Compliance and CSPM
Discovering and remediating threats with CSPM applications
Automating Compliance
Integrating with DevOps
Controlling Access to the Cloud
Using a cloud access security broker (CASB)
Middleware protection systems
Employing a secure web gateway (SWG)
Data loss prevention (DLP) systems
Using a Firewall as a Service (FWaaS)
Secure Access Service Edge (SASE)
Identifying user behavior
Carrying out forensic investigations
Using a managed service provider
Getting Certified
ISO 27001 Compliance
SOC 2 compliance
Certifying security
Certifying availability
Certifying processing integrity
Certifying confidentiality
Certifying privacy
PCI certification
Chapter 5 Implementing Zero Trust
Making the Shift from Perimeter Security
Examining the Foundations of Zero Trust Philosophy
Two-way authentication
Endpoint device management
End-to-end encryption
Public key/private key encryption
A scary bit about email
Policy based access
Accountability
Guarding against external threats with SIEM
Protecting against internal threats with UEBA
Least privilege
Network access control and beyond
CSPM risk automation
Dealing with Zero Trust Challenges
Choose a roadmap
Take a simple, step-by-step approach
Keep in mind some challenges you face in implementing zero trust
Dealing with change
Integrating legacy systems
Creating full visibility
Building DIY solutions
Zero trust and the cloud: Using a third-party solution
Enabling business collaboration
Making zero trust agile
Building the right team
Chapter 6 Using Cloud Security Services
Customizing Your Data Protection
Validating Your Cloud
Multifactor authentication
One-time passwords
Managing file transfers
HSM: Hardware Security Modules for the Big Kids
Looking at HSM cryptography
Managing keys with an HSM
A little bit about keys
Bitcoin and other cryptocurrency
Building in tamper resistance
Using HSMs to manage your own keys
Meeting financial data security requirements with HSMs
DNSSEC
OpenDNSSEC
Evaluating HSM products
Looking at cloud HSMs
KMS: Key Management Services for Everyone Else
SSH compliance
The encryption-key lifecycle
Setting Up Crypto Service Gateways
5 Testing Your Security
Chapter 1 Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology
Hacker
Malicious user
Recognizing How Malicious Attackers Beget Ethical Hackers
Vulnerability and penetration testing versus auditing
Policy considerations
Compliance and regulatory concerns
Understanding the Need to Hack Your Own Systems
Understanding the Dangers Your Systems Face
Nontechnical attacks
Network infrastructure attacks
Operating system attacks
Application and other specialized attacks
Following the Security Assessment Principles
Working ethically
Respecting privacy
Not crashing your systems
Using the Vulnerability and Penetration Testing Process
Formulating your plan
Selecting tools
Executing the plan
Evaluating results
Moving on
Chapter 2 Cracking the Hacker Mindset
What You’re Up Against
Who Breaks into Computer Systems
Hacker skill levels
Hacker motivations
Why They Do It
Planning and Performing Attacks
Maintaining Anonymity
Chapter 3 Developing Your Security Testing Plan
Establishing Your Goals
Determining Which Systems to Test
Creating Testing Standards
Timing your tests
Running specific tests
Conducting blind versus knowledge assessments
Picking your location
Responding to vulnerabilities you find
Making silly assumptions
Selecting Security Assessment Tools
Chapter 4 Hacking Methodology
Setting the Stage for Testing
Seeing What Others See
Scanning Systems
Hosts
Open ports
Determining What’s Running on Open Ports
Assessing Vulnerabilities
Penetrating the System
Chapter 5 Information Gathering
Gathering Public Information
Social media
Web search
Web crawling
Websites
Mapping the Network
WHOIS
Privacy policies
Chapter 6 Social Engineering
Introducing Social Engineering
Starting Your Social Engineering Tests
Knowing Why Attackers Use Social Engineering
Understanding the Implications
Building trust
Exploiting the relationship
Deceit through words and actions
Deceit through technology
Performing Social Engineering Attacks
Determining a goal
Seeking information
Using the Internet
Dumpster diving
Phone systems
Phishing emails
Social Engineering Countermeasures
Policies
User awareness and training
Chapter 7 Physical Security
Identifying Basic Physical Security Vulnerabilities
Pinpointing Physical Vulnerabilities in Your Office
Building infrastructure
Attack points
Countermeasures
Utilities
Attack points
Countermeasures
Office layout and use
Attack points
Countermeasures
Network components and computers
Attack points
Countermeasures
6 Enhancing Cybersecurity Awareness
Chapter 1 Knowing How Security Awareness Programs Work
Understanding the Benefits of Security Awareness
Reducing losses from phishing attacks
Reducing losses by reducing risk
Grasping how users initiate loss
Knowing How Security Awareness Programs Work
Establishing and measuring goals
Showing users how to “do things right”
Recognizing the Role of Awareness within a Security Program
Disputing the Myth of the Human Firewall
Chapter 2 Creating a Security Awareness Strategy
Identifying the Components of an Awareness Program
Choosing effective communications tools
Picking topics based on business drivers
Knowing when you’re a success
Figuring Out How to Pay for It All
Chapter 3 Determining Culture and Business Drivers
Understanding Your Organization’s Culture
Determining security culture
Recognizing how culture relates to business drivers
Identifying Subcultures
Interviewing Stakeholders
Requesting stakeholder interviews
Scheduling the interviews
Creating interview content
Taking names
Partnering with Other Departments
Chapter 4 Choosing the Best Tools for the Job
Identifying Security Ambassadors
Finding ambassadors
Maintaining an ambassador program
Knowing the Two Types of Communications Tools
Reminding users to take action
Requiring interaction from users
Exploring Your Communications Arsenal
Knowledgebase
Posters
Hardcopy newsletters
Monitor displays
Screen savers
Pamphlets
Desk drops
Table tents
Coffee cups or sleeves
Stickers
Mouse pads
Pens and other useful giveaways
Camera covers
Squishy toys and other fun giveaways
Active communications tools
Computer based training
Contests
Events
Chapter 5 Measuring Performance
Knowing the Hidden Cost of Awareness Efforts
Meeting Compliance Requirements
Collecting Engagement Metrics
Attendance metrics
Likability metrics
Knowledge metrics
Measuring Improved Behavior
Tracking the number of incidents
Examining behavior with simulations
Tracking behavior with gamification
Demonstrating a Tangible Return on Investment
Recognizing Intangible Benefits of Security Awareness
Knowing Where You Started: Day 0 Metrics
Chapter 6 Assembling Your Security Awareness Program
Knowing Your Budget
Finding additional sources for funding
Securing additional executive support
Coordinating with other departments
Allocating for your musts
Limiting your discretionary budget
Appreciating your team as your most valuable resource
Choosing to Implement One Program or Multiple Programs
Managing multiple programs
Beginning with one program
Gaining Support from Management
Devising a Quarterly Delivery Strategy
Ensuring that your message sticks
Distributing topics over three months
Deciding Whether to Include Phishing Simulations
Planning Which Metrics to Collect and When
Considering metrics versus topics
Choosing three behavioral metrics
Incorporating Day 0 metrics
Scheduling periodic updates
Biasing your metrics
Branding Your Security Awareness Program
Creating a theme
Maintaining brand consistency
Coming up with a catchphrase and logo
Promoting your program with a mascot
Chapter 7 Running Your Security Awareness Program
Nailing the Logistics
Determining sources or vendors
Scheduling resources and distribution
Contracting vendors
Recognizing the role of general project management
Getting All Required Approvals
Getting the Most from Day 0 Metrics
Creating Meaningful Reports
Presenting reports as a graphical dashboard
Adding index scores
Creating an awareness index
Reevaluating Your Program
Reconsidering your metrics
Evaluating your communications tools
Measuring behavioral changes
Redesigning Your Program
Anything stand out?
Adding subcultures
Adding, deleting, and continuing metrics
Adding and discontinuing communications tools
Revisiting awareness topics
Considering Breaking News and Incidents
Chapter 8 Implementing Gamification
Understanding Gamification
Identifying the Four Attributes of Gamification
Figuring Out Where to Gamify Awareness
Examining Some Tactical Gamification Examples
Phishing reporting
Clean desk drops
Tailgating exercises
USB drop reporting
Reporting security incidents
Ad hoc gamification
Putting Together a Gamification Program
Determining reward tiers
Assigning point levels
Creating a theme
Offering valid rewards
Assigning points to behaviors
Tracking users and the points they earn
Promoting the Program
Index
EULA