Re: key topics to include in security awareness training materials

[Gary Flynn <flynngn () JMU EDU>]

Tim Cline wrote:
> Greetings,
>
> I wanted to send a very general email message to start a conversation on
> security awareness. For those of you who have something that you
> currently use for security awareness training and dissemination of
> information, whether developed in-house or third-party courseware
> management platform, could you send a reply and let me know what are the
> key topics that you are covering?


For new people:

  1. The importance of information security
  2. Electronic communications ( threat environment and
     trustworthiness )
  3. Malware
  4. Security updates
  5. Passwords
  6. Appropriate Use
  7. Responsibilities to JMU and constituent data. Data
     classification and handling.

At least once every six months, a refresher is provided
covering timely topics. Current content consists of:

  1. JMU WILL NEVER ASK FOR YOUR PASSWORD ;)
  2. Portable storage ( i.e. USB storage devices )
  3. Copyright violation take down notices and file sharing
     program risks
  4. Sensitive Data
     a. Why you should be concerned
     b. Storage
     c. Risk reduction measures
  5. SPAM
  6. Password and security awareness policy explanation


Previous content topics:
---
Mistakes and security
  Protecting yourself from other people's mistakes
  Protecting yourself from your own mistakes
Recent incidents and issues
---
Protecting Mobile data and devices - deletion, confidentiality, wireless
Recent incidents and issues
  - ecards, facebook policy changes, JMU targeted phish
---
Data breaches in the headlines
"Hey, is that your picture on facebook"
  phish/malware
  privacy
  facebook terms of service
3rd party software security updates
Non-administrator accounts
--
phishing
instant messaging malware spread
keyloggers


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature