Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: key topics to include in security awareness training materials

From: Matthew Gracie <graciem () CANISIUS EDU>
Date: Fri, 6 Feb 2009 08:19:30 -0500
Tim Cline wrote:

Greetings,

I wanted to send a very general email message to start a conversation on
security awareness. For those of you who have something that you
currently use for security awareness training and dissemination of
information, whether developed in-house or third-party courseware
management platform, could you send a reply and let me know what are the
key topics that you are covering?


* Choosing a good password, and not sharing it.

* Recognizing and avoiding phishing scams.

* IT will never ask for your password over the phone or in an email. Honest.

That covers the vast, vast majority of potential problems. One of the
issues with doing security training is scope creep -- you feel that with
the campus community listening, you should tell them about _everything_
they need to know in information security. Don't. Instead, focus on a
few simple things, because bombarding end users with information just
guarantees that they won't retain any of it.

--Matt

--
Matt Gracie                         (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg
Previous By Date Next
Previous By Thread Next

Current thread: