September’s security awareness topic is outsider threats

Outline and scope New this month

03 NB awareness poster on outsider threats 350If “insiders” are defined as the organization’s employees, “outsiders” must be everyone else, right, all those who are not on the payroll?  In reality from any single organization’s perspective, a huge variety and number of people qualify as outsiders. 

‘We’ are completely outnumbered by ‘them’.

Leading on from August’s awareness coverage of insider threats, it’s time now to explore the information-related threats from outside the organization – both threatening outsiders and external threats that don’t involve malicious people, or indeed people, at all.

The scope includes external events, incidents, accidents and challenges that aren’t deliberate, targeted attacks by specific people or groups – supply chain interruptions, cloud service failures and Internet drop-outs for example are external threats to the business, as are more general, widespread or social issues such as climate change, infectious disease outbreaks and natural disasters.  We call these “outside threats”.

For completeness, the threats and risks arising from “inbetweenies” – neither insiders nor outsiders - were mentioned last month and are brought up again this month.  We’re talking about contractors, consultants, professional advisors, interns, temps and others.  Perhaps at some future point we should explore the inbetweeny threats in more depth.

 

Learning objectives

September’s security awareness module will:

  • Introduce outsider and external threats, providing general context and background information;
  • Contrast those threats against the insider threats we covered last month;
  • Expand on the associated risks and security controls, describing a structured and systematic process for identifying, evaluating and treating the information risks;
  • Stimulate insiders to think - and most of all act - more securely in respect of outsiders.

Consider your organization’s learning objectives in relation to outside/r threats.  Are there specific concerns in this area, or just a general interest?  Does the organization face particularly threatening adversaries and challenging situations?

Assuming, that is, your awareness program even covers outsider threats at all ...

Contents of the module

  • A-to-ZTrain-the-trainer guide on outsider threats - suggests awareness activities using the NB materials
  • Awareness seminar on outsider threats - PowerPoint slide deck with speaker notes
  • Awareness posters on outsider threats (x3) - High-res photographic images to print as posters or illustrate other content
  • A-to-Z of outsider threats - in effect, a threat catalog to help identify outsider threats - see --->
  • Job ad: prairie dog lookout wanted - everyone should be alert for outsider threats!
  • Case study on outsider threats
  • Wordsearch puzzle on outsider threats
  • FAQ on outsider threats
  • Awareness challenges on outsider threats (x2)
  • Awareness survey on outsider threats
  • Awareness test on outsider threats
  • Hyperlinked information security glossary - updated monthly
  • Diagrams for outsider threats (x10) - in Visio allowing customers to customize/adapt to their requirements
     
  • Management seminar on outsider threats - aimed at managers
  • Board agenda on outsider threats - for top management
  • Elevator pitch on outsider threats - for busy senior managers
  • Model policies on outsider threats and penetration testing - generic policy templates to adapt and adopt
  • Executive briefing on outsider threats - high-level one-pager
  • Management briefing on outsider threats - more details on managing the threats
  • Outsider threats metric - a maturity metric to measure and improve
     
  • Newsletter on outsider threats
  • Professional seminar on outsider threats - aimed at professionals and specialists
  • Professional briefing on outsider threats - guidance on dealing with outsider threats
  • Internal Controls Q uestionnaire - audit-style checklist to review the threats, risks, processes and controls

Get this module

Subscribe to the NoticeBored service to receive this module, plus further batches of security awareness and training materials, fresh every month.  We offer a wealth of top-quality creative content on a market-leading range of information risk and security topics making it easy and economic for you to run a world-class security awareness and training program.

Email us to set the ball rolling.  Find out what it takes to get your security awareness and training program quickly up to speed, for a lot less than you might think.  We’re a small company with a big reputation for quality and innovation.

What’s next?

Tag along with us on NBlog as we work on the next awareness topic.  In addition to clues about what’s coming up, we share hints and tips on making security awareness more effective.

Home > NB this month >

Copyright © 2018 IsecT Ltd.