Educause Security Discussion mailing list archives
Re: Information Security Awareness Day, Week
From: Melissa Guenther <mguenther () COX NET>
Date: Thu, 22 Apr 2004 09:08:51 -0700
Thank you so much Davina - I like the tip a day on your calendar - what a wonderful tool!! I still believe that in times of change you can never over-communicate.

Below are Lessons Learned from various assignments regarding communication and security awareness campaigns - some lessons were from an assignment with a university. (I used the word organization - academia is a business, right?) I also included how leaders can provide VISIBLE support for the campaign. Usually I just asked for visible support - I found I need to describe what that can look like.

A big part of any culture change effort, like security awareness, involves communication.

"You can never communicate during times of change"

Organizational Communication is a management process with a specific business purpose and disciplined methods of development, implementation, and measurements. It is accomplished through a strategic communication plan reviewed and approved by senior management.

Organizational Communication is a change agent. Its purpose is not just to convey information, but to change behavior. It changes behavior by persuading people to take action toward the organization's objectives.

The primary responsibility for organizational communication lies with all managers and supervisors. The Organizational Communication Unit is responsible for designing and delivering the system and tools that enable managers to play their role as communicators.

Face to face communication with the immediate manager is the most effective form of communication, and is the way employees prefer to receive information.

Communication is a two-way process. Listening and encouragement of feedback must be as emphasized and practiced as speaking and providing information and directions. Two-way is the only way for communication to actually exist in the organization.

To be effective, communication must be grounded in the interests and language of the receiver. While it seeks to achieve the organization's strategic objectives, it cannot do so effectively unless it uses a receiver-focused approach in both content and context.

To be noticed, communication must be compelling. As it must compete for the receiver's attention, communication must use highly compelling and creative ways to deliver its message.

To be influential, communication must be credible. Without a high degree of credibility, the integrity and believability of the message will be lost, and the whole communication process will be a waste of resources.

To be remembered and internalized, communication needs to be continuous and consistent.

We cannot afford not to communicate.

Executives' Roles and Benefits:

Roles: The organization's executives have several key roles to play:

They review, give input to, and approve the Plan, including the strategic objectives to be achieved.

They articulate the organization's strategy, interests, and actions in a variety of communication opportunities and media, including town meetings, department meetings, speeches, presentations, memos, and interpersonal interactions with stake-holders.

They create and welcome opportunities for them to listen to the ideas, feedback, and issues raised by stakeholders.

They act as role models for the essence of the messages conveyed by the process, to enforce the vital credibility aspect of the required behavior change.

Benefits: The organization's top leadership will gain the following benefits from the implementation of the Plan:

Will enable top management to explain their business strategy and goals to the stake-holders, helping gain their support and alignment.

Uncovers hot issues and concerns on the minds of key stakeholders, making it possible to address these issues in a timely manner to maintain good relationships with critical constituencies, including customers, investors, employees and the community.

Explaining the reasons behind certain executive actions and changes helps gain employee understanding and support for these actions.

Effective, open, and credible communication creates a culture of trust, shared values, and accessible knowledge throughout the organization. This facilitates faster action and higher performance.

Managers' / Supervisors' Roles and Benefits:

Roles: Employee surveys have shown that people want to get the important information affecting the organization and their jobs from their immediate supervisor. This means that managers and supervisors must fulfill this expectation by acting as the primary communicators of strategy and actions for their direct reports.

Managers and supervisors need to support the Plan and its messages, own it as their own plan, and be prepared to explain it and answer staff questions about it. To do this effectively, they need to work closely with us, including attending meetings or training for this purpose.

Ultimately, the managers and supervisors are accountable for the two-way communication process within their areas.

Benefits: Managers and supervisors gain the following benefits from the process and plan:

They become better able to answer questions from their own staff about business and actions, enhancing their status in the process.

Managers and supervisors will build better relationships with their staff by practicing open two-way communication, including raising the issues voiced by their staff to upper management.

Armed with the critical information about company strategy and goals, managers and their staff will be better able to contribute effectively to achieving these goals, enhancing their own value to the organization.
-------Original Message-------
From: The EDUCAUSE Security Discussion Group Listserv
Date: 04/22/04 05:28:03
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security Awareness Day , Week

Melissa--to make things more confusing in the educational community (Maryland and expanding to other locations) we are using April and October (kick off April and finish the month--start in October and finish on the Oct 31st) as Cyberawareness months. See: http://www.edtechoutreach.umd.edu/cyberawareness.html for the April activities.

Davina

Melissa Guenther wrote:

Ken

Thanks for the clear delineation between all the days. It's the best explanation I've heard to date. I especially like that there is no mention of which date or week is correct. It's not a dichotomy in this situation - the more the better! Any chance privacy will be integrated with the awareness efforts? They seem to be intrinsically connected.

Melissa

-------Original Message-------
From: The EDUCAUSE Security Discussion Group Listserv
Date: 04/21/04 07:24:29
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security Awareness Day , Week

At the "federal" or US National level it is intended that 9/10 be a day not just for Information Security Awareness, but security and safety awareness overall. We already have "CyberSecurity" Days in the spring and fall with daylight savings time, there is also Computer Security Day from the ACM on November 30. There was a firewall security day earlier this year. The intention is to create a day of observance that is not specific to cyber, physical, a vendor or a technology. Just good old fashioned "Be Aware or BeWARE".

Add September 10, 2004 to your calendars and let's all increase our awareness every day leading up to it and every day after it.

Melissa, great work on the materials and sharing.

Ken

------
Ken M. Shaurette, CISSP, CISA, CISM
MPC Solutions - Security
(262) 523-3300 x60486
------
National Security Awareness Day - September 10, 2004 - Are you aware?
------

-----Original Message-----
From: Melissa Guenther [mailto:mguenther () COX NET]
Sent: Tuesday, April 20, 2004 9:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Informnation Security Awarenes Day , Week

Please take time to consider sending a note to your Governor to ask for a proclamation for Security Awareness Day or Week. Governor Napolitano just dedicated the fourth week in April as Information Security Awareness Day - many initiatives can be done and I have a lot of material I would be willing to donate. Please let me know if you need any additional information or material.

Currently - information Security Awareness day on the Federal level is 9/10 - the Week is designated as the fourth week in April - I realize not much time but I have material all ready to use. You just need to let me know if you are interested.

Thanks - "you can force them to change their password, but how do you have them change their behaviors?" It takes knowledge (what to do), skill (how to do) and attitude (want to or shy to do)

Melissa

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/

--
Davina Pruitt-Mentle
Director
Educational Technology Outreach
College of Education
University of Maryland College Park
http://www.edtechoutreach.umd.edu/
(301) 405-8202

The sender believes that this email and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects. The sender's employer is not liable for any loss or damage arising in any way from this email or its attachments.