A beginner’s introduction to cyber security & the human aspect of cyber security
This list of free (or cheap) resources is a good introduction to the world of cyber security and the human aspect of cyber security. It’s by no means exhaustive, covering only the most fundamental concepts.
Nevertheless, it’s a great place to start for beginners and those wanting to understand the basics.
If you don’t have time to look through it all, we’d recommend you start with the things marked ‘recommended’.
Enjoy, and good luck.
A short, simple, jargon-busting video that provides easy-to-understand definitions for terminology commonly used to describe cyber threats and the technology used to protect data.
Nick Espinosa explains how internet culture fails to foster a common understanding of cybersecurity and threats online. His five laws, designed to help us think like a hacker, explain why human nature exposes people and businesses to risk.
With two decades of cybersecurity experience, LaCour shines a light on the underbelly of internet mischief and malice, with the intent of empowering you to be vigilant and stay safe and protected.
James Lyne talks about the growing gap between the cybersecurity know-how of internet users and the skills and tactics of professional cyber criminals.
Having a computer hacked can be life altering. We’re often fearful of hackers and those who want to engage in identity theft.
Adam Anderson, an ex-NSA agent and IT specialist, explains how hacking can be prevented.
Ransomware has become increasingly pervasive, but effective, as a form of cybercrime. James Lyne steps through a demo of how ransomware victimises unsuspecting users, showing how cyber criminals use the internet to piece together ransomware to create cryptocode.
Chris Domas is a cybersecurity researcher, operating on what’s become a new front of war, “cyber.” In this engaging talk, he shows how researchers use pattern recognition and reverse engineering to understand a chunk of binary code whose purpose and contents they don’t know.
Frank Heidt, cyber defense professional, offers a sobering historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions. Heidt mixes humor with intellect as he places the audience on “high alert” through stories of espionage and intrigue.
Personal data is a precious commodity, but can we sometimes share too much? Rob May thinks we need to develop our human firewall in an age where so much of our lives is online.
Cybercrime netted a whopping $450 billion in profits last year, with 2 billion records lost or stolen worldwide. Security expert Caleb Barlow calls out the insufficiency of our current strategies to protect our data. His solution? We need to respond to cybercrime with the same collective effort as we apply to a health care crisis, sharing timely information on who is infected and how the disease is spreading. If we’re not sharing, he says, then we’re part of the problem.
Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States’ extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide.”
It’s been 25 years since the first PC virus (Brain A) hit the net. What was once an annoyance has become a sophisticated tool for crime and espionage. Computer security expert Mikko Hyppönen tells us how we can stop these new viruses from threatening the internet as we know it.
Hacking is about more than mischief-making or political subversion. As Catherine Bracy describes in this spirited talk, it can be just as much a force for good as it is for evil. She spins through some inspiring civically-minded projects in Honolulu, Oakland and Mexico City — and makes a compelling case that we all have what it takes to get involved.
Most organisations fail to measure their human cyber risk.
Some measure security training uptake. Some go a little further and measure suspicious link-clicks or report-rates. But very few can answer key security questions such as “How has our human cyber risk changed over time?” and “Which security interventions reduce most risk?”.
This whitepaper explains that to answer such questions, the security industry needs meaningful metrics: to be able to benchmark; to be able to see progress; and to measure success and impact.
Much has been written about the benefits of a secure culture. By contrast, very little has been written about how to develop a secure culture.
This whitepaper reveals how today’s security teams can build a people-centric secure culture – one that places your people at the heart of cyber security. It also introduces C-CAT, CybSafe’s world-first Culture Assessment Tool that generates personalised recommendations for advancing the people-centric security culture of individual organisations.
- Why security awareness training in its current form isn’t working
- The importance of “security ABC”
- How to measure and develop a people-centric security culture
- C-CAT – CybSafe’s Culture Assessment Tool
- C-CAT’s seven key dimensions scientifically proven to influence human cyber risk
In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.
- About CybSafe Research and Analysis
- Collaborations & Partnerships
- Tackling the Human Aspect of Cyber Security: The need for effective behaviour change
- The psychology of cyber security: How to think about behaviour change
- The CybSafe Method: From human cyber risks to human cyber resilience
- Behaviour Change: The CybSafe Way
Blogs, articles and other reading
Cybrary’s cyber security glossary provides the cyber security community with knowledge of and insight on the industry’s significant terms and definitions.
This list contains key terminology and is one of the most extensive cyber security glossary/vocabulary resources online.
Cyber security encompasses a much bigger, broader range of roles than most people realise. From operations to risk analysis to law, there is a huge variety of interesting career options – and you don’t necessarily have to study STEM subjects or have a degree in cyber security.
Cyber Security Challenge UK exists to inspire and enable more people from diverse backgrounds to become cyber security professionals.
Their website offers free resources and information on typical roles within the industry, development paths and career advice.
This report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point.
Most security awareness training attempts to raise awareness only. This blog explains the importance of security awareness training raising awareness, changing behaviour and building a culture of security, in order for it to be successful in decreasing risk.
Here, CybSafe explains why the old definition of security awareness training is too rudimentary – because it talks only of educating people and says nothing of ensuring they actually do anything with this security knowledge.
Instead of assuming people’s awareness will automatically change their behaviour, this blog explains the importance of behaviour training and a secure culture in successfully decreasing risk.
The definition of the human aspect of cyber security is changing. Cyber security strategies are typically sub-divided into sections on technology, processes and the human aspect of cyber security.
Definitions of both technology and processes are relatively uniform. The human aspect, however, is unique and can actually mean different things to different people.
This blog sets out what the “human aspect” means in a traditional sense, as well as what it will mean in the future.
It covers big picture events driving cybercrimes and the top cyber risks affecting executives and their organizations. It provides examples of common cyberattacks; explains how good “security hygiene” helps to combat security threats; outlines key actions to avoid threats such as phishing, identity theft, hacking, and financial fraud; and explains how contract “firewalls” and third-party cyber risk management can help mitigate the most common cyber risks.
1 hour 46 mins
In this course you’ll explore what makes information so valuable and how information security is about the balance of the CIA Triad: Confidentiality, Integrity and Availability.
This course will help you to understand online security, recognise threats, and take steps to protect your digital life, whether at home or work.
The course will also frame your online safety in the context of the wider world, introducing you to different types of malware, including viruses and trojans, as well as concepts such as network security, cryptography, identity theft and risk management.
It delivers an understanding of Information Security management issues including risk management, security standards, legislation, frameworks and business continuity.
This course offers a high-level overview of the security landscape.
It covers foundational concepts for the field of cybersecurity; examines various types of common threats and attacks, and ways to protect our environments through tools and design; explains some advanced topics such as penetration testing; and provides context for the cybersecurity jobs market and key roles within the industry.
This introduction to end-user information and cyber security awareness is designed to teach the principles and practices that mobile, desktop and gaming device users need to keep themselves safe, at home and at work.
Based on the principle that a company’s most valuable assets are its people and its data, the course outlines why cyber security training is a means to protect both.
This course outlines the basic components of social engineering and how it is used.
Addressing different types of social engineering attacks, it provides hands-on experience using the Social Engineering Toolkit (SET).
The course teaches behavioural and technical controls that can be implemented to reduce the likelihood of a successful social engineering attack. It explores fake social media profiles, phishing emails and malicious payloads, and gives you the experience of playing the “victim” by opening a malicious file.
The course explains why you should limit the information you share on social media and covers some basic items to include in your security awareness program.
By the end of the course, you should understand:
- Different types of social engineering attack
- Behavioural and technical controls that can be used against them
- How to communicate basic security awareness to others