This awareness and training module explores cybersecurity, a problematic term. Despite being bandied about, it is rarely defined and often misunderstood. It encompasses issues ranging from IT and network security in general up to cyberwar - an extreme range that people don't usually appreciate.
To the average man in the street, cyber vaguely implies something to do with the Internet or IT. Almost any Internet incident could be deemed a cyber-attack, for instance. To IT and information security professionals, cyber may imply IT or network-based attacks, especially those delivered via the Internet but perhaps more sophisticated than the run-of-the-mill incidents. To journalists and politicians, cyber might be either a buzzword that makes them appear as if they are keeping up with the highest of high-tech, or a byword for highly sophisticated electronic/digital warfare involving serious damage to the nation’s critical infrastructure, high-tech attacks by superpowers, rogue states, terrorist groups and so forth.
If your organization is an integral part of the critical national infrastructure (e.g. government, defense, electricity supply, financial services etc.), cybersecurity is clearly a directly relevant topic. It’s also pertinent if your organization depends on the critical national infrastructure (which, by its very nature, is highly likely!). One might further argue that the risks and controls are relevant to all organizations in respect of their internal critical infrastructures, plus the suppliers and other organizations on which they depend. Furthermore, cyber- appears frequently in the news, hence employees might be wondering what the buzz is about.
- Introduce and explain cyber- terms such as cybersecurity, cyberspace, cyberattack and cyberwar;
- Elaborate on the associated risks, including credible scenarios;
- Describe and promote the corresponding information security controls;
- Inform and motivate people to think through the implications of, say, cyberwar, hopefully putting themselves, their families and the organization in a better state to avoid or survive cyber-incidents of all kinds.
An awareness and training module about cyber-risk, cybersecurity controls, cyber-incidents and more.