Another Security Awareness Resource

[Melissa Guenther <mguenther () COX NET>]

See also: Security Awareness Toolbox
http://iwar.org.uk/comsec/resources/sa-tools/index.htm

*******************************************************

ENISA: European Network and Information Security Agency:
(http://www.enisa.europa.eu)

http://www.iwar.org.uk/comsec/resources/ENISA/index.htm

Time for Europe’s business to wake up - ENISA publishing Awareness Raising
Guide

ENISA is publishing 'A Users’ Guide: How to Raise Information Security
Awareness'. The Guide is featuring step-by-step practical advice for Member
States on how to "kick start" planning, organizing and running information
security awareness raising campaigns targeted at different audiences (e.g.
home users and SMEs), including a series of steps and recommendations.

The Executive Director of ENISA, Mr Andrea Pirotti, is commenting on the
Guide:

- Security incidents across Europe have a significant economical impact
every year. It is time for European business to wake up when it comes to
Network and Information Security. Only in the UK, an average large business
is suffering from security incidents costing up to 193.000 €/year, but
spends only 4-5 % of its IT budget on security. (Source: DTI ISBS 2006)
- I am confident that this Guide will be a powerful tool for the EU and its
Member States to prepare and implement awareness raising initiatives. This
Guide is an excellent receipt of ENISA collecting and spreading models for
raising awareness in security among SME across Europe.
The Guide is emphasising three key recommendations for success:

1. Effective Communication Planning. A communication strategy is at the
centere of any awareness programs, based on communication goals and
principles, and aligned with target group needs;

2. A Change Management Approach (i.e. targeted communications, involvement,
training and evaluation). Applying a change management approach is crucial
for awareness raising initiatives as it helps closing the gap between a
particular issue and human responses to the need to change;

3. Measurement of the value of awareness programs. Campaign evaluation is
essential for understanding effectiveness and making adjustments. Four main
categories have been identified against which to measure security awareness:

* Process Improvement
* Attack Resistance
* Efficiency and Effectiveness
* Internal Protections


----- Original Message -----
From: "Shirley Payne" <payne () VIRGINIA EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Friday, August 11, 2006 2:51 PM
Subject: [SECURITY] Registration Open for 2006 VA SCAN Conference


> The Virginia Alliance for Security Computing and Networking (VA SCAN) will
> be hosting its third annual conference October 26-27, 2006 at George Mason
> University's Prince William Campus. Don't miss this opportunity to hear
> leaders in the higher education security field discuss current issues and
> to share ideas on effective security practices with colleagues.
>
> Who should attend? IT managers, security professionals, technical staff,
> and auditors from Higher Education, K-12, Government, and Law Enforcement.
>
> Keynote Speakers:
>
> - Marcus J. Ranum is a world-renowned expert on security system design and
> implementation. He is recognized as the inventor of the proxy firewall and
> implementer of the first commercial firewall product. Marcus has served as
> a consultant to many FORTUNE 500 firms and national governments, as well
> as serving as a guest lecturer and instructor at numerous high-tech
> conferences.
>
> - Ira Winkler is recognized as one of the world's experts in Internet
> security, information warfare, information-related crime investigation,
> and industrial espionage. He is a specialist in penetration testing, where
> he infiltrates companies, both technically and physically, to find and
> repair an organization's weaknesses. In Spies Among Us (2005), Ira Winkler
> reveals his security secrets, disclosing how companies and individuals can
> protect themselves from even the most diabolical criminals. He is also the
> co-author of the bestseller, Through the Eyes of the Enemy, detailing the
> intelligence aspect of the cold war.
>
> Conference Program: The keynote speakers and security and audit
> professionals from various colleges and universities will be presenting on
> Thursday, October 26th. The following day two concurrent workshops will be
> conducted. The full-day, hands-on technical workshop will focus on some of
> the more common freeware attack and penetration tools and will conclude
> with a “capture the flag” exercise. The half-day management workshop will
> address identity management systems, roles/rights management, ERPs, and
> inter-relationships.
>
> Conference Fee: Registration is $75 ($100 after October 13th) and
> pre-registration is required. In addition to the conference program, the
> fee includes parking, a Thursday evening reception, and lunches and breaks
> for both days.
>
> To obtain more detailed conference information and to register, see
> www.vascan.org/2006securityconference.html.
> ---------------------------------------------------------------------------------------------------------
>
> The mission of VA SCAN, a collaboration of George Mason University, James
> Madison University, the University of Virginia, Virginia Commonwealth
> University, and Virginia Tech, is to strengthen information technology
> security programs within the Commonwealth of Virginia. http://vascan.org.