Security Awareness: Taking the Medicine and Liking It Shirley C. Payne Director for Security Coordination University of Virginia EDUCAUSE Conference October 4, 2002 Copyright Shirley C. Payne, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Additional Contributor: Scott Crittenden Publications & Communications Group Information Technology & Communication Dept. University of Virginia
Agenda U.Va.’s target audiences Key components of security awareness program Lots of examples Publication tips Critical success factors
Target Audiences StudentsFaculty Healthcare Professionals Local Citizens Researchers Staff State/Local Govt. Local Businesses
And, U.Va.’s Executive Management
U.Va.’s Security Awareness Program Consists of Many Components
Handbooks & Online Quiz
Security Topic Incorporated Into Various Courses
System Administrator Security Education
Meeting Presentations
Role-based Security Website
Virus & Worm Alerts
ArticlesArticles, Web Ads & HandoutsWeb Ads
Brochure Sample
Postcard Sample
Security Awareness Month Initiative
Video
Many Components Working in Concert Builds a Security Aware Community
Publication Tips Take the message to your audience Put the message everywhere Write to short attention spans Make it real Make ‘em laugh Repetition is good Websites University Cable Channel Local Broadcast TV Radio Bus Cards Student Newspaper Faculty/Staff Newspaper Local Newspaper Help Desk Dining Halls Information Tables
Critical Success Factors Place computer security in broader context of general security and safety issues Partner with other institutional entities, e.g. Police, HR, student organizations, hospital, etc. Be consistent in your message, but tailor it for varied audiences Ensure awareness program is supported by effective security policies
More Critical Success Factors Tackle greatest vulnerabilities first Obtain input from front-line technical staff Target all levels of the institution, and perhaps beyond institutional boundaries Capitalize on expertise throughout the institution and on the institution’s partners Don’t stop
Additional Information & Assistance: Security Awareness Program Toolkit Shirley Payne (434)