Security Awareness Blog

Security Awareness - Top Ten Topics

One of the challenges organizations face with an awareness program is determining which topics to teach. Once you start researching all the different behaviors you want to change, you can develop quite a long laundry list. It would be great if we could teach end users everything we want, but that is often not practical. End users can only be trained and remember so much. You only have so many resources and time to communicate. These and often other factors limit the number of topcis you can have in your awareness program. Over the next couple of weeks I'll be covering what I feel are the ten most important topics, why I feel they are important and some of the key behaviors we want to change for each topic. My goal is to create a starting point for organizations, a way you can quickly jump start your awareness program that is both compliant and reduces risk. Based on my experience, I feel these are the top ten topics, and in this order.

  1. You Are The Target
  2. Social Engineering
  3. Email and IM
  4. Social Networking
  5. Browsers
  6. Passwords
  7. Encryption
  8. Smartphones / Mobile Devices
  9. Monitoring / AUP
  10. Hacked

Next post I'll start with You Are The Target. I'll explain what this is, why I feel it is so important and the key lessons we want to teach. I'm also very interested in the community's feedback, especially if you disagree on a certain topic and why.

3 Comments

Posted November 16, 2010 at 12:06 PM | Permalink | Reply

Ben Woelk

Hi Lance,
I like the focus on human vulnerability to social engineering types of attacks. It certainly fits our experiences. We emphasize human susceptibility to social engineering in our training sessions for faculty and staff and it's highlighted in our introductory Cyber Self Defense coursework for IT majors.
Ben Woelk
Policy and Awareness Analyst
Rochester Institute of Technology

Posted November 29, 2010 at 3:15 PM | Permalink | Reply

Tim Harwood

Hi Lance et al,
Great course here in London over the weekend. I would still like people's thoughts on the gap between Generation Y and us oldies and whether a different approach is required for each community receiving the awareness?

Posted November 30, 2010 at 6:12 PM | Permalink | Reply

lspitzner

Tim, great question! I would say definitely. My impression is tools such as online videos and Facebook are much more effective for the newer generation, while more traditional methods such as presenting in person work better for older generations. However I do not have any metrics to prove this theory. I am very interested to see what others have to say.