Security Basics mailing list archives

RE: Security Awareness inhouse - Tips and Tricks?


From: "Petter Bruland" <pbruland () fcglv com>
Date: Tue, 10 Apr 2007 10:34:42 -0700

Good luck! :-)

Make sure you have a good IT policy in the Employee Handbook, so that
the employees sort of know what they can and cannot do at work.

Make sure you speak their language, and don't use any technical terms,
that's when they start drifting off.

If you can find a "fun" way to tell them about certain vulns, hacks etc,
that will help keep them focused.

Showing them how an intruder is able to break in might be cool, but I
don't believe that it will help you get the point through to them.

Anyway good luck!

-Petter

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of WALI
Sent: Saturday, April 07, 2007 9:30 AM
To: security-basics () securityfocus com
Subject: Security Awareness inhouse - Tips and Tricks?

So, part of my new job profile is to undertake security awareness
training within our (over a dozen) departments ranging from Mechanical
Engineers, to civil and telecommunications, HR, Finance etc.

The maximum slot that I can squeeze from their head of departments
(attendance to be made mandatory) would be about 60 minutes.

I have set up a website (Intranet) with latest threats and FAQ's (like,
is my online browsing monitored etc), but for this 60 minutes session, I
was wondering, what are the best ways to make it engaging and
interesting for these non-IT guys, so that they return next time.

Would Bluetooth hacking, password sniffing etc hold them to their seats?

Phishing demo/Credit card fraud etc.

Can anyone help me with stuff to go about it? All and any inputs are
appreciated for I know there would be lots of guys around here who have
been there and done that but this would be my first time.

Regards

