National Cyber Security Awareness Month

National Cyber Security Awareness Month

Cyber Security Awareness Planning Toolkit

October is known as National Cyber Security Awareness Month, or NCSAM. Organized and run by the National Cyber Security Alliance (NCSA), October is dedicated to creating awareness about cyber security. To help you and your organization make the most of this October, SANS Securing The Human has created this NCSAM Planning Toolkit. This kit contains the resources you need for a high-impact October including a planning matrix on what to do, communications templates and resources such as newsletters, posters, tips and other materials. The kit is designed to work on its own or supplement anything you may already have planned. OUCH! newsletters and posters fall under the Creative Commons BY-NC-ND 4.0 license. You are free to distribute them within your organization or to your customers as part of October, however you cannot modify them. If you have any questions or suggestions on this community resource, please contact us at sth-community@sans.org.

Where To Start

Start with the Planning Matrix below, this gives you a high level overview of what you can do each week and when. Keep in mind, you are in no way limited to what is just listed here. You are welcome and encouraged to add other materials and events. Each week of October has a specific theme determined by NCSA (listed below) with our materials mapped to each weekly theme. The key we have learned to a successful security awareness month is effective communication. Make sure you have a defined process or relationship with your communications team so they help you communicate each week's activity. You want to be working with them now to lay that groundwork since communication is key. To learn more about making the most of the NCSAM Planning Kit, view our recorded webcast. Some additional key points and resources:

2016 Weekly NCSAM Themes

Here is an overview of the weekly themes. You can find a detailed description of each week's theme at NCSA's website.

  • Week 00: Sep 26-30: This is the last week of September. This is when you want to start communicating about October to your organization and what people should expect. This is when you need to build excitement and buzz.
  • Week 01: Oct. 03-07: Basic steps to online safety and security.
  • Week 02: Oct. 10-14: Creating a culture of cybersecurity in the workplace.
  • Week 03: Oct. 17-21: Recognizing and combating cybercrime.
  • Week 04: Oct. 24-28: Continuously connected lives, what is your "Apptitude"?
  • Week 05: Oct 31: This is only a single day focusing on Critical Infrastructure / Industrial Control Systems. As this is only one day and very industry specific, we are not including this day in the planning kit. For organizations involved in this industry, we highly recommend the poster Control Systems Are a Target or link to the video Anatomy of a ICS Network Attack.

#NCSAM Planning Matrix

Resource Description Notes
WEEK 0 Preparing for Upcoming Month
Tue, Sep 27 Email template Email announcing activities for that week
Optional Activity Planning Template Shredding Day If you have an activity below that does not work for you, replace it with this one.
WEEK 1 STOP. THINK. CONNECT.: Best Practices for All Digital Citizens
Mon, Oct 3 Email template Email announcing upcoming activities for NCSAM
Tue, Oct 4 OUCH! Newsletter Securing Your Home Network You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.
Wed, Oct 5 Poster Creating a Cyber Secure Home You can distribute this poster digitally to your staff or print and distribute physical copies.
Thr, Oct 6 Lunch-n-Learn Presentation / Webcast Securing Your Kids These are materials you can use to present your own lunch-n-learn on how staff can secure their kids / family online.
Fri, Oct 7 Online Video Video from RSA Conference Workshop on Securing Kids You can link to this site from your own internal portal or distribute the link to this staff via email or other means.
WEEK 2 Creating a Culture of Cybersecurity in the Workplace
Mon, 10 Oct Email template Email announcing activities for that week
Tue, 11 Oct OUCH! Newsletter CEO Fraud You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.
Wed, 12 Oct Poster You Are a Target You can distribute this poster digitally to your staff or print and distribute physical copies.
Thr, 13 Oct Online Video Targeted Attacks You can link to this site from your own internal portal or distribute the link to this staff via email or other means.
Fri, 14 Oct Online Feed Tip of the Day Program You can link to this site from your own internal portal or distribute the link to this staff via email or other means.
WEEK 3 Recognizing & Combating Cybercrime
Mon, 17 Oct Email template Email announcing activities for that week
Tue, 18 Oct OUCH! Newsletter Ransomware You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.
Wed, 19 Oct Internal Event / Lunch-n' Learn Internal event with Guest Speaker For this day you will need to find and coordinate a speaker for your event. This is an amazing way to generate excited and engagement for the month.
Thr, Oct 20 Two Steps Ahead Campaign Enable Two-Step Verification This is one of the most important steps people can take to protect their online digital lives and is part of a nationwide awareness campaign.
Fri, 21 Oct Poster Don't Get Hooked You can distribute this poster digitally to your staff or print and distribute physical copies.
WEEK 4 Our Continuously Connected Lives: What's Your "Apptitude"?
Mon, 24 Oct Email template Email announcing activities for that week
Tue, 25 Oct OUCH! Newsletter Internet of Things You can distribute this newsletter digitally to your staff or print and distribute physical copies. This newsletter has been modified with the date removed.
Wed, 26 Oct STH Blog Dealing with Smart Technologies These blog posts will be availabe the first week of October.
Thr, 27 Oct Planning Template Mobile Device Checkup Event Your security team hosts a booth where employees can ask questions about their mobile devices and your team can collect valuable metrics.
Fri, 28 Oct STH Blog NCSAM Wrap-up These blog posts will be availabe the first week of October.