25-Minute Basic Security Awareness Class

All users with a networked computer should be required to attend a short seminar on basic security awareness. Table B.1 is an example awareness class that can be easily taught to large and small audiences:

Table B.1. Topics for Basic Security Awareness Class

Recommended Topics to Cover | Estimated Time

Begin by presenting some of the fascinating statistical projections about security: how much damage has been done to the world by hackers, how much organizations are expected to lose, how many hackers are out there, etc.

Here we want to simply get the audience's attention and show how big an issue information security is.

Estimated time: 3 minutes

Discuss how a hacker enters an organization:

  • Through the Internet connection

  • Attached modems

  • Unsecured servers

  • Unsecured desktops

  • Installed malicious applications

  • Walk-in

Here we are looking to apply the security problem to the local facilities and make end-users understand that this is a real threat to the organization.

Estimated time: 3 minutes

Discuss how hackers can gain information about an organization:

  • Through friends employed at the organization

  • Cold-call and email solicitations

  • Dumpster-diving

  • Walking around and looking for written passwords

  • Probing systems, networks, and sniffing communications

Estimated time: 3 minutes

Discuss what hackers can do to an organization:

  • Take down a system or desktop

  • Read confidential information and emails

  • Manipulate information, forge documents, etc.

Estimated time: 3 minutes

Discuss how end-users can help in security:

  • Maintain good password protection

  • Be sensible about downloading files or receiving attachments or disks

  • Do not install unauthorized software on a desktop

  • Remove modems and other external devices

  • Keep desktop software and operating systems up-to-date

  • Stay on the lookout for hackers and potential security issues

  • Question people who sit down at a local computer or who are found wandering through the building unescorted

  • When in doubt, ask the local security team/expert

Estimated time: 10 minutes

Discuss how an end-user should handle an incident:

  • Give the reporting chain and contact list detailing who to call during a suspected incident

  • Explain the need for silence until the matter is investigated

Estimated time: 3 minutes



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
Year: 2006
Pages: 119
Authors: Kevin Day
