Security Basics mailing list archives
RE: Security Awareness inhouse - Tips and Tricks?
From: <lalit.gupta () bt com>
Date: Wed, 11 Apr 2007 06:01:21 +0100
Hi,

I faced the same situation in one of my previous jobs. I had exactly 60 minutes for these non-IT people to be made aware of security awareness. I started with the organization's security objectives, some policies / dos & don'ts of security policy. Then I shared some real-life examples about hacking, phishing, sniffing, good & bad passwords, good & bad practices on the internet, spam mails & their consequences, incident types and their effects etc.

Most of these sessions became very interactive, with people sharing their own experiences, and mostly I had to stretch beyond 60 minutes on audience request. Another benefit I had of these sessions was that people became pro-active for information security and my life became easy :)

I am not sure how much this will help in your particular scenario, but thought it would be better to share my experience.

Regards,
Lalit Gupta
+91-9910634863

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Petter Bruland
Sent: Tuesday, April 10, 2007 11:05 PM
To: WALI; security-basics () securityfocus com
Subject: RE: Security Awareness inhouse - Tips and Tricks?

Good luck! :-)

Make sure you have a good IT policy in the Employee Handbook, so that the employees sort of know what they can and cannot do at work.

Make sure you speak their language, and don't use any technical terms; that's when they start drifting off.

If you can find a "fun" way to tell them about certain vulns, hacks etc., that will help keep them focused. Showing them how an intruder is able to break in might be cool, but I don't believe that it will help you get the point through to them.

Anyway, good luck!

-Petter

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of WALI
Sent: Saturday, April 07, 2007 9:30 AM
To: security-basics () securityfocus com
Subject: Security Awareness inhouse - Tips and Tricks?

So, part of my new job profile is to undertake security awareness training within our (over a dozen) departments ranging from Mechanical Engineers to civil and telecommunications, HR, Finance etc. The maximum slot that I can squeeze from their heads of departments (attendance to be made mandatory) would be about 60 minutes.

I have set up a website (Intranet) with latest threats and FAQs (like, is my online browsing monitored etc.), but for this 60-minute session, I was wondering, what are the best ways to make it engaging and interesting for these non-IT guys, so that they return next time.

Would Bluetooth hacking, password sniffing etc. hold them to their seats? Phishing demo/Credit card fraud etc.

Can anyone help me with stuff to go about it? All and any inputs are appreciated, for I know there would be lots of guys around here who have been there and done that, but this would be my first time.

Regards