Exam Objectives 5.6
Given a scenario, implement security awareness practices.
- Types of anomalous behavior:
  - Risky: Carrying out risky practices
  - Unexpected: A user attempting unauthorized access
  - Unintentional: Damage caused by human error
- User guidance and training methods:
  - Policy/handbooks: Training material
  - Situational awareness: A training aid for a job role
  - Insider threat: A disgruntled employee causing damage
  - Password management: Best practice for passwords
  - Removable media and cables: Attack vectors
  - Social engineering: Catching users unaware
  - Operational security: Looking at social engineering attacks
  - Hybrid/remote work environments: Working in remote locations
- Reporting and monitoring:
  - Initial: Evaluating training effectiveness
  - Recurring: Retraining if staff’s guard is lowered
- Development: Creating training materials
- Execution: Delivery of training