
Overview of U.S. Cybersecurity Awareness Education Initiatives

According to data released by the US investment consulting agency Cybersecurity Ventures, the economic losses caused by global cybercrime will reach 10.5 trillion US dollars by 2025. With a cybercrime market comparable to the world's third-largest economy, every Internet user is a potential victim. Educating the whole population in cybersecurity awareness, and improving everyone's awareness of and ability to deal with cybersecurity threats, has become an important part of the cybersecurity strategies of many countries.

As the country of origin of Internet technology and the leading country in network security technology, the United States has long attached importance to the "people" factor in network security. Starting from the top-level design, the US has introduced a series of national policies, laws, and standards, and has established a national network security awareness education system in which the government, society, universities, enterprises, and individuals participate and cooperate efficiently. The aim is for every citizen to become a "network security guard", improving the overall level and efficiency of network security at the minimum social cost. These measures can provide a reference for our country to strengthen its own network security awareness education.

1. Incorporate cybersecurity awareness education into national cybersecurity policies

The United States has successively issued a series of cybersecurity policies and made overall arrangements for the cybersecurity awareness education of the whole population in the form of national strategies, national action plans, and presidential executive orders. As early as 1999, the United States clearly wrote information security awareness into the National Information Security Strategic Framework.

In 2003, the United States released the National Strategy for Protecting Cyberspace Security, emphasizing the need for a wide range of American people to take advantage of cybersecurity and making the establishment of security awareness and training programs one of the five priorities for national cybersecurity. In 2004, the United States launched the National Cyber Security Awareness Month, which sets a specific theme every year to call on the American public to strengthen their awareness of security protection and to deal with various types of cybercrime activities.

Cyberspace Policy Review

In 2009, the United States released the "Cyberspace Policy Review" report, advocating the launch of a national cyberspace security public awareness and education campaign to make the public fully aware of the importance of cybersecurity issues. In 2010, the United States launched the National Cyber Security Education Program (NICE), which aims to comprehensively improve information security ability in the United States through systematic and standardized popularization of cyber security knowledge, formal academic education, vocational training, and certification.

In 2014, the United States designated January 28 each year as National Data Privacy Day to raise public awareness of the importance of privacy and the protection of personal information. In 2016, the United States released the National Cybersecurity Action Plan, established the National Cybersecurity Promotion Committee, and formulated ten-year action recommendations that include raising public cybersecurity awareness. The report "Enhancing National Cybersecurity: Promoting the Security and Development of the Digital Economy" issued by the Commission pointed out that the American public's cybersecurity awareness and capabilities should be continuously improved, and that the public should be shaped into a major player in national cybersecurity assurance.

In 2018, the United States released the National Cyber Strategy, pointing out that, from the perspective of objective needs and long-term development, strengthening public cybersecurity awareness education is an important aspect of maintaining national cybersecurity. In 2021, the U.S. Cyberspace Solarium Commission released the "Cybersecurity Recommendations for the Biden Administration", which proposes to promote national education, digital literacy, and public awareness.

2. Incorporate cybersecurity awareness education into laws, regulations, and standards

Laws, Regulations, and Standards

The United States has also incorporated cybersecurity awareness education into the scope of legal protection through laws, regulations, standards, and other forms. The Federal Information Security Management Act (FISMA) requires federal agencies to establish security awareness and training programs that provide information security training for federal employees, contractors, etc., to enhance information security awareness. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) require a security awareness and training program for all employees, including new hires, management, partners, etc.

Financial Services Modernization Act (GLBA)

The Financial Services Modernization Act (GLBA) requires training employees on how to recognize and respond to fraud or identity theft and how to properly handle customer information. The Sarbanes-Oxley Act (SOX) requires public companies to conduct security awareness training programs, and the Fair and Accurate Credit Transactions Act (FACTA) requires employees to be trained in identity theft prevention programs. The Massachusetts Data Protection Act requires ongoing security training for permanent and temporary contract employees that focuses on reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper, and other records containing personal information.

In addition to the security awareness training required by laws and regulations, relevant industry norms and standards in the United States also require security awareness training. The Payment Card Industry Data Security Standard (PCI-DSS) requires that a formal security awareness and training program be implemented at least annually to educate all personnel about the importance of cardholder data security. The National Institute of Standards and Technology's "NIST SP 800-53: Recommended Privacy and Security Controls for Federal Information Systems and Organizations" states that organizations should determine the appropriate content for personnel security awareness training and security awareness techniques. The North American Electric Reliability Council (NERC) requires personnel risk assessment, training, and safety awareness education. The U.S. Securities and Exchange Commission's (SEC) Cybersecurity Exam Initiative Guidelines require companies to educate their employees about information security and risks.

However, most laws, regulations, and standards in the United States do not clearly specify the training topics, training duration, training cycle, frequency, assessment, and measurement methods that security awareness education should cover.

3. Government, society, schools, and enterprises work together to promote cybersecurity awareness education

U.S. Promote Cybersecurity Awareness

U.S. government agencies are responsible for the overall planning, coordination, and guidance of security awareness education. For example, the U.S. Department of Homeland Security is the main functional department for cyberspace security awareness education; through the Stop. Think. Connect. project, it carries out various publicity activities to help the American public understand cyber behavior risks and countermeasures. The U.S. Department of Commerce undertakes the promotion and coordination of the National Cyberspace Security Education Program (NICE) and, through the National Institute of Standards and Technology (NIST), popularizes cybersecurity knowledge in schools and workplaces.

Social institutions play the role of publicity, training, and certification of safety awareness. For example, the National Cyber Security Alliance (NCSA) is one of the main sponsors and organizers of the National Cyber Security Awareness Month in the United States. Training organizations and certification agencies conduct professional training and certification.

Schools shoulder the responsibility of network security professional courses and knowledge dissemination. The United States attaches great importance to network security awareness education through schools and cultivates the public's awareness of network security from an early age. Throughout the basic education stage, from kindergarten to the 12th grade, students are taught network security knowledge to prepare them to become security-conscious, qualified digital citizens. Relying on their own resources and characteristics, colleges and universities open cybersecurity majors and organize and formulate cybersecurity training plans, scholarship programs, cybersecurity competitions, etc., to increase the security knowledge and skills of college students and to encourage and guide them to join the cybersecurity industry.

Education And Safety Skills Training

Companies conduct safety awareness education and safety skills training for internal employees. The cost of security awareness training is relatively low compared to the record-high financial losses that data breaches cause businesses; in most cases, training costs are less than 1% of the cost of a breach. Businesses of all sizes are beginning to realize that internal threats are just as important as external threats, especially as telecommuting becomes the new normal amid the COVID-19 pandemic. Employee security awareness education is more important than ever, and the "human vulnerability" needs to be remedied. The more employees are educated on security awareness, the lower the overall security risk of the enterprise, and the more cyber-resilient the enterprise becomes.
