Navigation and service

BSI - Federal Office for Information Security (Link to homepage)

Awareness

Awareness of problems and secure behaviour

Awareness is a fundamental security safeguard when dealing with IT systems on a daily basis. First of all, awareness must be raised of the problems associated with cyber security; then that knowledge can serve as a stepping stone to bring about behavioural changes that mean people act in a way that fosters digital security.

Security awareness measures are successful if they empower their target groups and motivate individuals to achieve a greater level of cyber security. It is important to develop awareness measures that treat employees as equals and are rooted in actual practice.

The right perspective

Changing perspective can help to implement security awareness measures successfully. IT security is only as good as the person using the systems. This is why we do not see people as vulnerabilities, but as a defensive shield against cyber attacks. The widespread rhetoric of the "human factor" can tend to have a negative effect. Whereas if we see people as the "human security factor", they become part of the solution, not the problem. The interface between humans and machines needs to be better designed.

What we offer

The Alliance for Cyber Security develops new approaches that you can follow to build up and boost awareness within your company. In future, we want to support you with additional tips and information. The links below contain material on such topics as "Secure handling of photos in the workplace". You can use this information to empower yourself and your employees as well as to raise awareness of IT security issues.

Approaches to achieve better awareness

Gut gerüstet: Ein/e geschulte/r Mitarbeiter/in erkennt sofort wann ein unbekannter Anhang einer Nachricht geöffnet werden darf oder nicht.

Well equipped: Human security factor

Wertvolles Motiv: Handyfoto auf dem im Hintergrund ein Monitor mit Passwortzettel zu sehen ist

A valuable image -- for friend and foe

Additional information

  • How to identify fraudulent e-mails
  • How to protect yourself from spam
  • How to protect yourself from password theft via phishing
  • A podcast to tell you more about IT security at the workplace
  • Awareness-raising and training are covered extensively in the IT-Grundschutz, Organisation and personnel module
  • You can find a free phishing awareness campaign, accessible to everyone and created as part of ECSM 2019, which will teach you how to identify phishing e-mails yourself based on practical examples, here: www.phish-test.de (this is a service offered by a cyber security initiative based in Cologne)

More Information

Back to Human factor