Security Awareness is THE MOST EFFECTIVE solution to most information security problems. Security needs to become a part of our home and work-based culture. We all want to do the right thing, and I believe that if people are aware of the threats that they face in an environment, how to identify them, provided tools, ideas and direction for dealing with them, they are likely to deal with those threats more effectively.
Today more than ever it is critical that the general public and employees consider the threats that the Internet brings right into their home and work lives. Every one of us works hard enough for the money that we earn. To have someone unfairly interfere with, or deprive us of, our wages or jobs is simply unacceptable. We don’t all have to become certified experts at information security, but every single one of us MUST be prepared to work and play safely in the online environment.
Do you believe that you have a solid grasp of the basics of Information Technology and Security? Do you know how to explain concepts like DNS and DHCP? Can you spot a phishing attack? Do you understand malware? Can you identify the many threats to your network and home PC? Can you identify the steps that should be taken to eliminate those threats? If you think you can, step right up and take a few pop quizzes, online for free. Knock off one or two a day, research the areas that you are unsure of, and before you know it, you will be contributing to the ongoing security culture within your own organization, and keeping your home and work PCs safe from scammers and criminals.
These general items could be reviewed, adapted, and used as a foundation for building your own Security Awareness Program. A real Security Awareness Program should be tailored to your specific organization, the identified threats and vulnerabilities that your organization faces, and adapted to reflect your specific policy and regulatory environment.
<Shameless Plug> By the way, this is one of the many areas that I can help you with. Be the first on your block to make me a job offer!</Shameless Plug>
General Technology & Security 101:
- General Security Awareness Quiz http://www.staysafeonline.org/content/self-assessment-quiz
- Computer Security 101: Quiz 1
- Computer Security 101: Quiz 2
- Computer Security 101: Quiz 3
- Computer Security 101: Quiz 4
- Computer Security 101: Quiz 5
- Computer Security 101: Quiz 6
- Computer Security 101: Quiz 7
- Computer Security 101: Quiz 8
- Computer Security 101: Quiz 9
- Computer Security 101: Quiz 10
- Computer Security 101: Final Exam
Common Security Subjects:
- Top 10 consumer threats to the enterprise
- Password Security http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci957024,00.html
- Malware Basics http://www.securitynewsdaily.com/think-you-know-computer-viruses-take-our-quiz-0550/6
- Malware Technical http://www.dhamipublishing.com/?p=583
- Spam Basics Phishing and Spam IQ Quiz
- Phishing Basics http://www.microsoft.com/canada/athome/security/quiz/phishingbasics1.mspx
- Phishing Advanced http://www.onguardonline.gov/games/phishing-scams.aspx
- Spyware Basics http://www.e-learning-computing.com/is02cg/page_09.htm
- Spyware Basics http://www.onguardonline.gov/games/beware-spyware.aspx
- Spyware Basics http://www.microsoft.com/canada/athome/security/quiz/spywarebasics1.mspx
- Identity Theft http://www.abcfraud.ca
- Identity Theft http://money.howstuffworks.com/personal-finance/banking/identity-theft-quiz.htm
- Identity Theft http://www.onguardonline.gov/games/id-theft-faceoff.aspx
- Social Networking Tips http://www.us-cert.gov/cas/tips/ST06-003.html
- Social Networking http://www.onguardonline.gov/games/friend-finder.aspx
- Social Networking http://www.grovo.com/security/social-networking-safety
Advanced Security Topics
- Firewall Basics http://searchcio.techtarget.com/sDefinition/0,,sid19_gci947416,00.html
- Authentication Methods http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci901726,00.html
- Identity and Access Management Architecture http://searchsecurity.techtarget.com/general/0,295582,sid14_gci1195845,00.html
- Online Privacy http://searchsmb.techtarget.com/sDefinition/0,,sid44_gci1082047,00.html
- Web Attack Prevention http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1096040,00.html
- Common Vulnerabilities http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci875285,00.html
- Vulnerability Management http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1043849,00.html
- Build A Risk-based Compliance Program http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1296645_tax309647,00.html
- US Department of Defense Information Systems Security Awareness Computer Based Training from October 2007
- Behaviour Change SA Tool – A tool to utilize when using a Strategic Plan Model in your Security Awareness efforts. This tool helps you determine the desired future state, assess the current reality and identify the gaps between the two.
- Information Asset Classification Matrix – A sample Classification Matrix that can be used as a starting place to design your own matrix and facilitate the protection of information and employee responsibilities at three levels.
- Motivating the Workforce to Support Security Objectives: A Long-Term View – The security objective of due diligence and business enablement has positive potential for good motivation. Reward due diligence, not just unpredictable risk awareness.
- Principles of Effective Security Awareness (SA) Communication – A Communication Plan is based on the principles of effective organizational communication.
- RUA Formula for Security Awareness – A three-step process to help all employees recognize potential security threats and deal with them before they become a security breach.
- Security Awareness Benchmarking and Metrics – “What does not get measured, does not get done,” or at best, ‘does not get done right.’
Did I mention that I really like FREE things, offered as an informational benefit to the community at large? Kudos to those that develop, post and host these resources. Companies and individuals like yourselves deserve recognition and support. Thank you!