Security Basics mailing list archives
RE: RE: Annual Security Awareness program
From: "Jason Hurst" <Jason.Hurst () PandaRG com>
Date: Thu, 19 Mar 2009 13:39:10 -0700
Hi everyone,

It's important not to confuse an Awareness Program with a Training Program. Quote from the NIST Special Publication 800-16:

"Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. In awareness activities, the learner is the recipient of information, whereas the learner in a training environment has a more active role. Awareness relies on reaching broad audiences with attractive packaging techniques. Training is more formal, having a goal of building knowledge and skills to facilitate the job performance."

An effective awareness program would focus on flyers, posters, brief messages, and other activities where the general idea is simply to promote the idea that security is important. It MAY be specific, such as a poster on virus protection or not writing down credit card numbers.

The first step to creating such a program would be to download the NIST SP800-50: Building an Information Technology Security Awareness and Training Program.

Jason Hurst
Sr. Network Security Administrator
Panda Restaurant Group
jason.hurst () pandarg com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of viveksilla () gmail com
Sent: Tuesday, March 17, 2009 10:06 PM
To: security-basics () securityfocus com
Subject: Re: RE: Annual Security Awareness program

User awareness is an essential component of security and all organizations should take steps to reduce the risk from the People element. To my knowledge, security awareness is a part of the induction program in most organizations. Many organizations do conduct periodic awareness programs, but when it is an essential point for regulatory compliance, all organizations have to.

Though classroom kind of sessions could be most effective, the practicality of conducting such sessions at least once a year should also be seen considering the headcounts. Though probably less effective, a more practical method could be the use of Computer Based Trainings, which many organizations do adopt to ensure compliance.

Though there might not be any silver bullet, a mix of Periodic broadcasts, Eye Catching posters at key locations, Security wallpapers on all machines, periodic floor sessions as well as CBTs might result in effective user awareness while ensuring regulatory compliance.

Regards
Vivek Silla a.k.a V1cky 8@8@