Educause Security Discussion mailing list archives
Another Security Awareness Resource
From: Melissa Guenther <mguenther () COX NET>
Date: Fri, 11 Aug 2006 15:31:33 -0700
See also: Security Awareness Toolbox http://iwar.org.uk/comsec/resources/sa-tools/index.htm ******************************************************* ENISA: European Network and Information Security Agency: (http://www.enisa.europa.eu) http://www.iwar.org.uk/comsec/resources/ENISA/index.htm Time for Europe’s business to wake up - ENISA publishing Awareness Raising Guide ENISA is publishing 'A Users’ Guide: How to Raise Information Security Awareness'. The Guide is featuring step-by-step practical advice for Member States on how to "kick start" planning, organizing and running information security awareness raising campaigns targeted at different audiences (e.g. home users and SMEs), including a series of steps and recommendations. The Executive Director of ENISA, Mr Andrea Pirotti, is commenting on the Guide: - Security incidents across Europe have a significant economical impact every year. It is time for European business to wake up when it comes to Network and Information Security. Only in the UK, an average large business is suffering from security incidents costing up to 193.000 €/year, but spends only 4-5 % of its IT budget on security. (Source: DTI ISBS 2006) - I am confident that this Guide will be a powerful tool for the EU and its Member States to prepare and implement awareness raising initiatives. This Guide is an excellent receipt of ENISA collecting and spreading models for raising awareness in security among SME across Europe. The Guide is emphasising three key recommendations for success: 1. Effective Communication Planning. A communication strategy is at the centere of any awareness programs, based on communication goals and principles, and aligned with target group needs; 2. A Change Management Approach (i.e. targeted communications, involvement, training and evaluation). Applying a change management approach is crucial for awareness raising initiatives as it helps closing the gap between a particular issue and human responses to the need to change; 3. Measurement of the value of awareness programs. Campaign evaluation is essential for understanding effectiveness and making adjustments. Four main categories have been identified against which to measure security awareness: * Process Improvement * Attack Resistance * Efficiency and Effectiveness * Internal Protections ----- Original Message ----- From: "Shirley Payne" <payne () VIRGINIA EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Friday, August 11, 2006 2:51 PM Subject: [SECURITY] Registration Open for 2006 VA SCAN Conference
The Virginia Alliance for Security Computing and Networking (VA SCAN) will be hosting its third annual conference October 26-27, 2006 at George Mason University's Prince William Campus. Don't miss this opportunity to hear leaders in the higher education security field discuss current issues and to share ideas on effective security practices with colleagues. Who should attend? IT managers, security professionals, technical staff, and auditors from Higher Education, K-12, Government, and Law Enforcement. Keynote Speakers: - Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is recognized as the inventor of the proxy firewall and implementer of the first commercial firewall product. Marcus has served as a consultant to many FORTUNE 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. - Ira Winkler is recognized as one of the world's experts in Internet security, information warfare, information-related crime investigation, and industrial espionage. He is a specialist in penetration testing, where he infiltrates companies, both technically and physically, to find and repair an organization's weaknesses. In Spies Among Us (2005), Ira Winkler reveals his security secrets, disclosing how companies and individuals can protect themselves from even the most diabolical criminals. He is also the co-author of the bestseller, Through the Eyes of the Enemy, detailing the intelligence aspect of the cold war. Conference Program: The keynote speakers and security and audit professionals from various colleges and universities will be presenting on Thursday, October 26th. The following day two concurrent workshops will be conducted. The full-day, hands-on technical workshop will focus on some of the more common freeware attack and penetration tools and will conclude with a “capture the flag” exercise. The half-day management workshop will address identity management systems, roles/rights management, ERPs, and inter-relationships. Conference Fee: Registration is $75 ($100 after October 13th) and pre-registration is required. In addition to the conference program, the fee includes parking, a Thursday evening reception, and lunches and breaks for both days. To obtain more detailed conference information and to register, see www.vascan.org/2006securityconference.html. --------------------------------------------------------------------------------------------------------- The mission of VA SCAN, a collaboration of George Mason University, James Madison University, the University of Virginia, Virginia Commonwealth University, and Virginia Tech, is to strengthen information technology security programs within the Commonwealth of Virginia. http://vascan.org.
Current thread:
- Another Security Awareness Resource Melissa Guenther (Aug 11)