Security awareness tips: Making programmes more effective
As a research study by mail security company Clearswift found last November, few organisations tackle the awareness agenda with enthusiasm. Half of the employees polled said they had never received any awareness training, and two-thirds had never had training in their current role. That led the researchers to conclude that most workers were “IT freestyling:” working with little or no guidance about what was and was not permitted.
So what are the keys to making an awareness programme effective, and ensuring it produces a long-term impact on the behaviour of the people using systems?
The best way is to ask security pros who have been through the process. And what better way to find out than to ask members of security groups on the LinkedIn social networking site? We at SearchSecurity.co.UK recently did just that, and, within hours, professionals from around the world began to offer up their suggestions.
Here is a summary of some of their security awareness tips :
Targeting A corporate security policy can be long and complicated, and much of it will be irrelevant to individual workers, so security pros suggest tailoring training to each group of users.
“The message and the language must be crafted to the audience: Speak in the audience's language. Never use ‘security-speak’ except to other security folk,” wrote Brook Schoenfield, a senior security architect for US-based Cisco Systems.
Nick Baskett, managing director of Matta Group in London, echoed that view: “Teaching someone something they don't see as relevant to their job is a sure way to encourage amnesia. Security awareness to the [Personal Assistant] for the CFO has different elements than training someone in a call centre.”
Michael Krausz, an information security consultant based in Austria, made the point that training has to be engaging if it is to register with people. “The training should be inspiring and interesting. There's nothing worse for increasing awareness than a boring training session,” he wrote. “What usually works is to include practical elements that contain an element of surprise to keep a class interesting.” In one session, Krausz showed people the source code of a virus, for example, and in another, he showed a hardware keylogger and asked people to think about how much of their typing such a keylogger could hold in its 2GB of memory.
He also emphasised the need for face-to-face sessions in addition to any computer-based training (CBT). “Using CBT neither creates nor increases awareness. If people do not have in-person training sessions, they will simply learn the answers, but their awareness will not change,” Krausz said.
Security Awareness Posters - News
“Most security awareness training wears off very quickly, something like 4-6 weeks if you are lucky. Daily and weekly reminders, posters, knick knacks for the desk, etc., also start becoming background noise and glazed over,” he wrote.
Lack of novelty is another issue that can reduce the effectiveness of awareness programmes. Something that's new is more likely to get noticed than something that's become familiar. (Roper, Grau & Fischer, 2005). Renewal of posters and messages will
of the company's expanding range of DPA compliance support products, including the Complete DPA Toolkit (www.itgovernance.co.uk/products/3099), which contains a DPA compliance assessment tool, pocket guides and data protection awareness posters.
ITG's e-learning course is just one part of the company's expanding range of DPA compliance support products, including the Complete DPA Toolkit, which contains a DPA compliance assessment tool, pocket guides and data protection awareness posters.
Manama, June 18 (BNA)-- The Interior Ministry's Public Relations Directorate has launched an electronic awareness project to spread social, cultural and security awareness. It is the first of its kind and is accessible via the Public Relations
IMC Major Melissa Buck Wins Prize for Information Security Awareness
IMC major Melissa Buck, '13, recently won the bronze prize in the 2011 Computer Security Awareness Poster and Video Contest in the poster category. The host of the contest, EDUCAUSE, is a non-profit organization that focuses on the intelligent use of technology in higher education. EDUCAUSE stated: “Surveys of colleges and universities have shown that a significant percentage of security breaches are caused by the carelessness of a student or staff member.” Therefore, the organization is excited to use Melissa’s poster design to heavily promote its message concerning Internet security.
Melissa said: “I am passionate about graphic design and I take every opportunity I can to develop and showcase my skills. When I entered the competition, I was not expecting much to come out of it; I just thought of it as another chance to have fun doing what I love and get my work out there.”
Starting in early May, Melissa’s poster, as well as the other winning entries, can be found at http://www.educause.edu/SecurityVideoContest2011
EDUCAUSE is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. EDUCAUSE helps those who lead, manage, and use information resources to shape strategic decisions at every level.
Security Awareness Posters - Bookshelf
No tech hacking, a guide to social engineering, dumpster diving, and shoulder surfing
As the network of informal security proponents grew, security was becoming an interesting challenge instead of a chore. Posters As my homegrown awareness ...The ethical hack, a framework for business value penetration testing
There are three basic phases to develop an effective security awareness program: 1. ... display security awareness posters and change them periodically, ...Security education, awareness, and training, from theory to practice
When you have the right cartoon character, use it as or in your logo, and make it a part of as many security awareness posters and products as you can. ...AVL systems for bus transit, update
FIGURE 8 Example of a Security Awareness Poster (Courtesy: BART). Some agencies such as WMATA and TriMet collaborate with Community Emergency Response Teams ...Information security management handbook
Security awareness can be disseminated to employees through weekly newsletters, e- mails, posters, or even a booth set up in a ...Day-after-day News Directory
Security Awareness Posters
Posters are a great tool for promoting awareness of any topic. ... on a given security topic in an interesting and informative manner. Our posters are carefully designed to ...
Privacy and security awareness and education posters
Security Awareness Posters & HIPAA Compliance Posters With Your Logo at no extra charge! ... Our custom security awareness posters will allow you to tailor the ...
Security Awareness Posters, Privacy Posters, and HIPAA Posters
Security Awareness Posters, Privacy Posters, and HIPAA Posters
Sample NoticeBored security awareness poster images
There are six brand security awareness posters in the latest NoticeBored security awareness module. ... The security awareness poster images are now just US$95 per image ...
Information security awareness - posters
Our security awareness posters are funny and colorful artwork that will please your eyes and remind you and your company staff important security facts.