Strong
confidentiality and authentication mechanisms are wonderful provided they are
well designed, implemented, used, managed and maintained … but
cryptographic controls have a nasty tendency of failing open, sometimes
becoming spectacularly insecure - which is just one of the information risks associated with cryptography.
Since this is ‘only’
a security awareness module, we’ve avoided delving into the
advanced mathematics that underpins cryptography, while at the same time giving
enough information for the module to be both interesting and actionable. Cryptography is a complex, technical topic, for sure, but that's no reason for the awareness program to ignore it and hope for the best!
Read more
about July’s awareness module and get in touch for more info, or to subscribe to the NoticeBored service. Even if you have the expertise and interest to research and prepare your own awareness materials, wouldn't you rather spend your valuable time interacting with your colleagues, spreading the word about information security and helping them see the light?
Talking of spending time in the organization, the train-the-trainer guide in the module offers guidance on how we envisage the materials
being used, and offers a bunch of creative ideas to make your awareness
program more interactive and, yes, fun. This month, there are some
“crypto-toys” for workers to explore basic encryption mechanisms, hands-on, and the chance to mess
around with medieval-style wax seals, not unlike those on our awareness posters every month. More than simply a design touch, they are a subtle
historical reference to a physical form of information security, a tip o’ the
hat to our predecessors.
Regards,
Gary (Gary@isect.com)
No comments:
Post a Comment