Where Did You Learn About Cybersecurity -- or Did You?

[InfoSec News <alerts () infosecnews org>]

http://www.eetimes.com/author.asp?section_id=8&doc_id=1320907

By Carolyn Mathas
EE Times
2/6/2014

I just noticed the results of a report commissioned by the Institution of 
Engineering and Technology (IET) called "Using Open Source Intelligence to 
Improve ICS & SCADA Security." The report suggests that information that 
engineers place on social media, in blogs, and in papers is sufficient to 
mount cyberattacks. In this case, the attacks involved utilities. However, 
it shouldn't matter what industry is front and center -- only that this 
may be a side door in.

The basis for the IET's concern was a survey of 250 small and midsized 
enterprises. Half were aware of the government's Cyber Security Strategy, 
and just 14% said cyberthreats were "the highest priority."

I have a question: How have you been trained/warned/advised regarding the 
use of social media, written papers, articles, blogs, etc. and how they 
relate to security? This report concentrated on the UK, but life isn't 
that much different on this side of the pond.

Did you receive any university-level training regarding the role of the 
individual in security breaches? Was this a part of the new-hire training 
at your company? What did you learn, and where did you learn it, as to how 
much information is too much? Maybe this is covered in nondisclosure 
agreements you sign upon corporate entry as part of an HR exercise?

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/