27-06-2017, 03:26 PM
Information security awareness is an evolving part of information security that focuses on raising awareness of the potential risks of rapidly evolving forms of information and of the rapidly evolving threats to that information, with a focus on human behavior. As threats have matured and information has increased in value, attackers have increased their capabilities, broadened their intentions, developed more attack methods and methodologies, and are acting on more diverse motives. As information security controls and processes have matured, attacks have matured to bypass them. Attackers have successfully targeted and exploited the human behavior of individuals to break down corporate networks and critical infrastructure systems. Targeted individuals who are not aware of the information and the threats may unknowingly circumvent traditional security controls and processes and enable a breach of the organization. In response, information security awareness is maturing. Cybersecurity as a business problem has dominated the agenda of most CIOs, exposing the need for countermeasures to the current cyber-threat landscape. The goal of information security awareness is to make everyone aware that they are susceptible to the opportunities and challenges in the current threat landscape, to change human risk behaviors, and to create or enhance a secure organizational culture.
Information security awareness is one of several key principles of information security. It seeks to understand and improve human risk behaviors, beliefs and perceptions about information and information security, as well as to understand and improve organizational culture as a countermeasure against rapidly evolving threats. For example, the OECD guidelines for the security of information systems and networks include nine generally accepted principles: awareness, responsibility, response, ethics, democracy, risk assessment, safety design and implementation, safety management, and reevaluation. In the context of the Internet, this type of awareness is sometimes referred to as cybersecurity awareness, which is the focus of multiple initiatives, including the US Department of Homeland Security's National Cyber Security Awareness Month and the 2015 White House Summit on Cybersecurity and Consumer Protection.
Computer-based crime is nothing new. Viruses have been with us for over 20 years, spyware has been around for more than a decade since the first incidents, and the large-scale use of phishing dates back to at least 2003. One of the reasons, researchers agree, is that while information systems are evolving and expanding at pace, security awareness programs among employees are falling behind. Unfortunately, it seems that the rapid adoption of online services has not been matched by a corresponding embrace of security culture.