Human Element Security
Goals
- Define human element security, including Security Awareness, Training, and Education (SATE)
- Define social engineering and its strategies, including pretexting, phishing, and tailgating
- Identify human element security awareness issues
- Identify elements of risk management in policies and procedures
- Identify the layers of a defense-in-depth strategy
- Compare the abilities of physical, logical, and administrative controls, and combinations of these, to protect resources
- Categorize cybersecurity principles and defense concepts according to area of impact
- Identify password security best practices
- Identify the security concerns that would be mitigated or eliminated with Security Awareness, Training, and Education (SATE) programs
- Classify security principles and actions according to the types of attacks they mitigate or eliminate
- Classify attacks according to the cybersecurity concept or principle that was violated
- Identify cybersecurity concepts and principles that protect critical information (e.g., intellectual property, files)
- Identify the types of assets or resources that can be secured
- Categorize security principles and cyber defense concepts according to the type of asset or resource needing protection
- Classify threats and attacks according to which leg of the CIA triad is targeted
- Categorize control mechanisms (i.e., physical, logical, administrative) according to the type of risk they mitigate or eliminate
- Align the four types of attacks (i.e., interception, interruption, modification, and fabrication) to the legs of the CIA triad
Human element security involves focusing on the human aspect of cybersecurity.