Security Program Elements

User awareness programs are designed to make employees aware of potential security threats and risks.

• For example, a company might send out false phishing emails to make employees click a link and sign in with their login credentials.

• Although the emails are harmless, employees who fall for the false emails will be informed that it is part of a user awareness program and they should be more careful about phishing emails.

User training programs are more formal than user awareness programs.

• For example, dedicated training sessions which educate users on the corporate security policies, how to create strong passwords, and how to avoid potential threats.

Physical access control protects equipment and data from potential attackers by only allowing authorized users into protected areas such as network closets or data center floors.

• Multifactor locks can protect access to restricted areas.

  • ie. a door that requires users to swipe a badge and scan their fingerprint to enter.

  • Permissions of the badge can easily be changed, for example permissions can be removed when an employee the company.