Cybersecurity and the X-Factor

About this course: What is the X-Factor? In Cybersecurity, the X-Factor related to unknown and unpredictable human behavior within and outside of your organization. “No one really knows why humans do what they do”, (David K. Reynolds), and because of this organizations can be unprepared for malicious, untrained, or even best intentioned behavior that can cause alarm and sometimes irreparable harm. This course will introduce you to the types of training available to reduce the impact of the X-Factor, evaluate its effectiveness, explore the Security Education, Training and Awareness (SETA) program, and learn why it may fail. The course will conclude with information designed to assist you with some critical components for your business security program. Activities focused on hactivism, cyberinsurance, and ransomware will round out your knowledge base. Your team of instructors has prepared a series of readings, discussions, guest lectures, and quizzes to engage you in this exciting topic.

Who is this class for: This course is primarily aimed for learners who are interested in transitioning toward a more managerial role in cybersecurity, and are therefore in understanding the interplay between business strategy and the IT infrastructure.

Created by:  University System of Georgia

• Taught by:  Dr. Humayun Zafar, Associate Professor of Information Security and Assurance

  Information Systems

• Taught by:  Dr. Traci Carte, Associate Professor Chair, Information Systems

  Information Systems

• Taught by:  Herbert J. Mattord, Ph.D., CISM, CISSP, CDP, Associate Professor in Information Security and Assurance

  Information Systems

• Taught by:  Mr. Andy Green, Lecturer of Information Security and Assurance

  Kennesaw State University - Department of Information Systems

• Taught by:  Michael Whitman, Ph.D., CISM, CISSP, Professor of Information Security

  Information Systems

Basic Info Course 3 of 4 in the Cybersecurity: Developing a Program for Your Business Specialization Level Beginner Commitment 4 weeks of study, 3-4 hours/week Language English How To Pass Pass all graded assignments to complete the course. User Ratings 4.5 stars Average User Rating 4.5See what learners said Coursework

Each course is like an interactive textbook, featuring pre-recorded videos, quizzes and projects.

Help from your peers

Connect with thousands of other learners and debate ideas, discuss course material, and get help mastering concepts.

Certificates

Earn official recognition for your work, and share your success with friends, colleagues, and employers.

University System of Georgia The University System of Georgia is composed of 28 higher education institutions including 4 research universities, 2 regional universities, 12 state universities, 13 state colleges and the Skidaway Institute of Oceanography. The Georgia Public Library System, encompassing 61 library systems throughout Georgia, is also part of the University System.

Syllabus


WEEK 1


Introduction to the X-Factor



The X-factor within information security is human behavior within and outside your organization. Our introduction includes an overview of information security management and its goals as well as describing the problem created by non-malicious insider behavior. We include discussion about the purpose of training within organizational cybersecurity efforts and whether it is achieving its purpose.


4 videos, 5 readings, 1 practice quiz expand

1. Video: Course Overview video
2. Reading: Learning Objectives
3. Video: Security and Employee Compliance
4. Reading: MISQ Executive: Information Security Management Overview
5. Reading: Phishing Attacks Hurt Convenience Of Online Banking In The Workplace
6. Reading: 3 things every CISO should know
7. Reading: Shadow IT: Mitigating Security Risks
8. Video: Industry Q&A: Security and End Users
9. Video: Pulling it together
10. Discussion Prompt: Your own compliance behavior
11. Practice Quiz: Introduction to the X-Factor Quiz

Graded: The role of security professionals

WEEK 2


Security Education: Training & Awareness



Within this topic we will discuss traditional training efforts. Security education, training and awareness (SETA) programs are designed to reduce the incidence of accidental security breaches. Through the readings you will learn about the design and delivery of these programs as well as various training techniques. This module concludes with a discussion about your experience and opinion about organizational security training.


4 videos, 4 readings, 1 practice quiz expand

1. Reading: Learning Objectives
2. Video: Introduction to SETA and training
3. Reading: Security Education, Training and Awareness
4. Reading: Training
5. Practice Quiz: SETA Practice Quiz
6. Reading: Making Security Awareness Work
7. Video: Industry Q&A: SETA in Real Life
8. Video: Industry Q&A: Customers and Security Training
9. Video: Pulling it together
10. Discussion Prompt: Recent training experience

Graded: Security Education: Training and Awareness Quiz

WEEK 3


Reasons Why Traditional Training Efforts Fail



In this module you will understand why traditional training efforts through SETA programs may fail. You will learn about human behavior and how understanding it can help managers better leverage their security efforts. Finally, through the readings you will also see that this is a global issue. The readings present examples of existing awareness campaigns in U.K., in Australia, in Canada and Africa.


4 videos, 5 readings, 1 practice quiz expand

1. Reading: Learning Objectives
2. Video: Overview: Habits and Vulnerabilities
3. Reading: Why Do Cybersecurity Awareness Campaigns Fail?
4. Practice Quiz: Why Do Cybersecurity Awareness Campaigns Fail Quiz
5. Video: Employee Habits, Errors, and Security Breaches
6. Reading: The Impact of Past Behavior
7. Video: Habituation: What is it?
8. Discussion Prompt: Automated Behavior
9. Reading: How Does Behavior Become Habitual?
10. Reading: Global Threat Report
11. Video: Pulling it together

Graded: Habits and Training Programs
Graded: Test Your Knowledge!

WEEK 4


Threat Intelligence



We will conclude by identifying some novel problems and practices that organizations are experiencing. You will learn about hactivism, cyberinsurance, and ransomware through popular press readings about recent security problems that landed companies on the front page.


3 videos, 6 readings, 1 practice quiz expand

1. Reading: Learning Objectives
2. Video: Threat Intelligence: Planning for attacks
3. Reading: What is threat intelligence?
4. Reading: Rise of Hacktivism
5. Reading: Cyber Insurance
6. Reading: Protecting yourself from Ransomware
7. Reading: Ransomware
8. Video: Industry Q&A: Threat Intelligence
9. Video: Pulling it together
10. Discussion Prompt: Identify a potential threat
11. Practice Quiz: Practice quiz: Test your threat intelligence!

Graded: Test your knowledge of threat intelligence