Managing Internal Security Risk
Cybersecurity requires a 365-degree approach to an organization's attack surface. Internal points of access require as much care as external access points. Internally, it's important to consider access controls as well as user training as methods for improving security. With training, there are ongoing efforts to learn how to maintain user engagement and improve the internalization of training material. With users' being potential security risks, it's crucial to form an effective training method and maintain access controls for applications and systems. To address this, current research into the topics of user training and zero-trust will be aggregated here with special consideration to being approachable to smaller organizations. Based on current research, suggestions for building a foundation for long-term success in these areas will be made. The benefits of these methods will look to achieve a more secure organization by improving the users' knowledge and awareness of computers and relevant security concepts. Specific topics cover in this approach includes, preparing for the creation of a training program, zero trust implementation, and ways these can implemented. In the interest of discovering what a company may be starting with, a survey was sent out to determine the confidence and interest users had in computing topics. The results showed most users were interested in additional training and security awareness. In the end it was found that implementing training and zero-trust take plenty of work, but the requirements for starting such an approach are limited and can help create a more secure organization.