- slide 1 of 5
Information Security Awareness
Security awareness entails sharing information with people. It can be done formally or informally, but the important thing is to communicate a message. The scope of any security awareness campaign is to persuade computer users to listen and act on measures to avoid, deter, detect, and defend against information security threats and/or data security breaches. The objective of information security awareness is aimed at preventing incidents, threats, attacks, and loss or disclosure of data committed by unlawful hacking.
Security awareness presentations provide security information, show reports and findings and explain many of the security concerns that exist. It's an excellent way for people to come together to share information or personal experiences with others. The main benefit of security awareness is to reinforce good security practices.
People must know that the information they posses, whether it's on a computer or in some other communication system, risks being lost, stolen, damaged, or corrupted; so, achieving a basic understanding of information security is a primary goal. People can not only learn about security issues but can learn to mitigate or remove a vulnerability or specific threat.
The best way to promote information security awareness is by user training and education or through policies and procedures. Alternatively, an assessment can be used as it provides the essential elements of the process for information security awareness. In order to carry out such an assessment, and for it to be successful, there must be a plan or strategy with common goals and principles. Several security issues need to be addressed, and users need to understand them as well as know how to respond to them.
Information security is an ongoing learning process. Awareness training is the perfect occasion to address InfoSec concerns.
- slide 2 of 5
Ideas, Tips, and Strategies for Information Security Awareness
IdeasA good idea to learn about information security (InfoSec) is through awareness activities like training videos and computer-based training programs; these can help people understand information security. Another great way to learn InfoSec is to participate in online forums, workshops, events, programs, or campaigns. Another good idea for people to be aware of InfoSec is to create pamphlets, brochures, signs, posters, or something else to read.
Tips to suggest to users
- Use of hard-to-guess, frequently-changed passwords (like one that uses upper and lowercase letters and/or selected characters). Password cracking often occurs on systems with weak passwords.
- Use antivirus software. It will help protect data.
- Do not to give personal information online to an untrusted site or person. It's likely a phishing scam.
- Never leave a computer logged in when you need to be away from it. Make it a habit to either log off the computer, shut it down, or lock it up (by simply pressing CTRL + ALT + DELETE and hitting "Enter"). These choices provide the safest means to protect the information on the computer.
- Avoid giving out or posting online a private email address as it could lead to receiving spam email. Having a secondary email account is good idea to help resolve this problem.
- "Save" data and perform backups (either frequently or at regular intervals). It's the only way to safely store information to a disk or drive without loosing it.
- Safeguard personal data by installing security software. It helps keep computer and personal information safe from intruders.
- Control secured spaces (by blocking access with locks, alarms, or security guards). It will help to prevent access to unauthorized personnel.
- Avoid network and host intrusions by using intrusion detection systems (IDSs). They help in detecting suspicious computer-related activities.
- Diminish potential risks of identity theft and fraud by not giving out personal information online.
- Prevent cyber crimes by blocking spam, using an anti-virus software, setting up a computer firewall, and utilizing encryption.
- Perform security updates regularly.
A good strategy is to begin researching factual information on current information security issues (like incidents, threats, and attacks). Then, plan how to communicate the information to both adults and kids. The most effective way to train and educate people of all ages is to show a PowerPoint presentation. Visually showing to the audience helps address a point, even if complicated. Be prepared for questions. If the lecturer is unsure if he/she will be able to respond to all questions or have all the knowledge on a subject, a clever idea is to have present a subject matter expert (SME). Another idea is to share personal experiences and lessons learned.
- slide 3 of 5
Information Security Awareness: Share the Facts
Computer crimes are a big concern, law officials say. Reports show that each year computer crimes are on the rise. The best thing to do about it is to report it. Here's how:
- Report computer crimes to local law officials that have in place a Computer Crimes Task Force as well as Cyber Action Teams.
- Report cyber crimes to the FBI or make a complaint with the Internet Crime Complaint Center (IC3).
Each year, the Internet continues to grow in number of users worldwide. It's the place people can go to communicate, send, receive and share information, and do much more. It has its benefits, but it also has its drawbacks; yes, the Internet is also a place that is vulnerable to threats.
Each year Internet threats multiply, and in order for computer users to safely navigate the Web, they must protect themselves.
Idea: The Symantec Internet Security Threat Report provides insights on Internet threat activity, malicious code, and known vulnerabilities.
- slide 4 of 5
Useful Web Sites
NoticeBoard (Why Awareness?): http://www.noticebored.com/html/why_awareness_.html
SANS Security Awareness Tip of the Day: http://www.sans.org/tip_of_the_day.php
ICT Security Awareness: http://www.ballarat.edu.au/is/ict/security/security_aware.shtml
Ideas to Promote Information Security Awareness
The best way to ensure everyone understands the importance of information security is through awareness.