Security Basics mailing list archives

Re: Security Awareness - Best Ways


From: "Yousef Syed" <yousef.syed () gmail com>
Date: Thu, 24 May 2007 10:08:48 +0100

When I worked at a particular Investment Bank, even though I was
working for an external consultancy, we had to view various interactive
videos on subjects ranging from insider-trading, Anti-Money Laundering
and KYC (Know Your Customer) etc.
This was mandatory for all bank staff/consultants etc.
Since it was also interactive with Q&A, the bank could keep tabs on
those people that had gone through the training and how well they had
done.
Those training videos were rarely longer than 10-15 mins, so they
weren't invasive either.
Nor were they taxing on the brain.
You need to bear in mind that most people that will work for your
company are unlikely to be techies. Thus your training needs to be
geared toward such people. Also, you shouldn't take too much for
granted, but don't dumb the classes down too much, either.

It all depends upon the nature of your business, your data assets,
their value etc.

I'd personally start with basic/general issues. i.e. Laptop Theft =
Loss of corporate asset + company/customer private data (if you're in
the EU, you'll also need to notify the [I think] Data Commissioner
about the data loss), public embarrassment for the company etc...
Make the course topical with examples from the news:
http://www.theregister.co.uk/2007/05/09/printing_security_flap/
http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/
http://www.theregister.co.uk/2007/02/14/nationawide_fined/
At the end of the lesson, you can point them to the Laptop Usage
policy (which should be a short and simple document that can link to
further documents)
Similar courses relating to Email Policy, Internet Usage, Data Privacy etc.

Thanks,
ys

--
Yousef Syed
"To ask a question is to show ignorance; not to ask a question, means
you remain ignorant" - Japanese Proverb

