Hackers - information security awareness and training module for September
Background and scope
Hacking involves finding or creating and exploiting vulnerabilities in IT systems, networks, technologies, people, processes, facilities and organizations. There’s lots more to explore on this topic aside from simply breaking into Internet-connected IT systems to steal credit card details.
Hackers represent the good, the bad and the ugly of information security.
At the good end of the scale, white-hat hackers are actively exploring and expanding IT. Hacking, for them, is a deep fascination with technology, and a willingness to share their passion with the wider geek community. Good hackers are generally obsessive but benevolent, at worst benign. Good hackers are mortified if they inadvertently cause damage.
Bad hackers are also fascinated with technology, but more selfish in nature. They enjoy themselves poking around in systems on the Internet, not worrying too much about any damage they cause along the way except in so far as it increases the possibility of them being caught and prosecuted. To them, victims are “asking for it” if they don’t adequately secure their systems and information.
Ugly hackers, sometimes known as crackers, are shamelessly if covertly operating on the criminal Dark Side. They are the black-hats, overtly malicious or malevolent, earning a living by defrauding, stealing or coercing assets from individuals and organizations with no sense of guilt. Due to the illegality of what they do, ugly hackers are extremely concerned, verging on paranoid, about staying undetected and not being apprehended by the authorities, to the extent that they have no qualms about deliberately destroying victims’ IT systems (and hence their businesses) in order to avoid leaving traces of forensic evidence (known as “scorched earth”). These are the guys working for criminal gangs, terrorists, and most dastardly of all, “foreign
September’s security awareness and training module:
Introduces hacking, providing general context and background information;
Describes and characterizes hackers, crackers, social engineers, fraudsters, scammers, script-kiddies, makers, penetration testers and so forth;
Expands on the information risks in this area and the security controls against hacking;
Motivates people to think - and most of all act - more securely.
Consider your learning objectives in relation to hacking. Are there any specific issues or related concerns that are worth bringing up this month?
As well as customizing the NoticeBored materials to suit your awareness branding and objectives, feel free to blend in additional content. Use the materials in the company newsletters and magazines, your intranet Security Zone, in awareness events and training courses, and for new employee induction or orientation purposes.