Last reviewed: September 2017
The Higher Education Information Security Council is pleased to present this compilation of cybersecurity awareness resources for colleges and universities. We hope that you will find them useful in your efforts to raise awareness within your community. If you would like to contribute additional materials to this library, please contact us.
Raising the information security consciousness of our students, faculty, and staff is a difficult challenge that must be met in order to successfully achieve our information security goals. The resources in this section provide an overview of how to get started in establishing a security awareness program at your institution.
- 2017 Campus Security Awareness Campaign New!
- "Engage! Creating a Meaningful Security Awareness Program", presented by Cherry Delaney, Purdue University and Ben Woelk, RIT (2012) Download presentation
- National Cyber Security Awareness Month (NCSAM) Resource Kit and Sample Kit
- Security Awareness Quick Start Guide and Security Awareness Detailed Instruction Manual
- Get involved in the Stop.Think.Connect. awareness campaign.
- Become a Champion of NCSAM. You'll also find free materials on NCSA's StaySafeOnline.org website!
- Data Privacy Day occurs each year on January 28. Think about how you might use NCSAM resources to promote this international celebration on your campus, too.
Higher Education Resources
The resources contained in this section are an effort to compile materials that have been created by colleges and universities for use at individual institutions. It is our hope that you will be able to adapt the materials for use at your institution or that the creativity behind these resources will inspire you to develop your own original materials.
- NCSAM Banners created by NCSA (2017)
- Auburn University Banners (2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016)
- University of Connecticut Husky Hunt Banner (2012)
- HEISC "Recommended Reading" List (via Pinterest)
- RIT's Cyber Self Defense Reading List (via GoodReads)
- Missouri State University Information Security Bookmarks - Front and Back (2011) *Note: These were printed on 100% recycled paper. The goal was to have bookmarks available on a security table in the Student Union and to have the Bookstore insert one in books purchased during the month of October.
- American University 4 P's of Security Brochure (2014)
- University of Connecticut Husky Hunt Brochure (2012)
- Purdue University "Security Alert" Cards (2012): These cards are left by the security team while someone is away from their computer, phone, or belongings. The card alerts the user that their behavior put them at risk for someone else to steal their computer or identity. Tips to protect your identity and data are also included.
- University of California, Berkeley "Mobile Phone" Cards (2013): These cards should be printed on paper about the same size as a typical smart phone and handed out as a reminder about device safety and privacy.
- Wellesley College "Security Gnome" Cards (2014): Library and Technology student workers acted as "Security Gnomes." The student workers patrolled the public spaces looking for unattended laptops and mobile devices, and left security alert cards with helpful security resources. When they found someone practicing good physical security for their belongings, they left behind a 3-D printed security gnome.
Campaigns - Online or Print
- Auburn University: 2017 campaign - TBA. Note: Auburn University has a new NCSAM campaign each October since 2007. The first year was influenced by the 2005 IU campaign highlighted in this sample kit. Since then, Auburn has developed original themes and artwork every year: 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, and 2016. Colleges and universities are welcome to use Auburn's artwork. Please be sure to add the credit line: "Auburn University Office of Information Technology."
- Brown University: BEar AWARE: How safe are you online? (2016)
- Florida State University: Be a Cyberhero! (2016)
- Texas A&M University: What's Your Status (2013); Fight Back (2014); Aggie LIFE (2015); Football Fever (2016) Note: The 2016 game features an Aggie football theme where players battle SEC opponents by correctly identifying phishing attempts. If players sack the cyberattacks, they can take the Aggies to the championship. Falling for too many online scams will result in a losing season. Texas A&M promoted the game via signage in computer labs, e-mail, and social media. This year they experimented with animated GIFs both in social media and in e-mail headers. They also created a video to promote the game. Scroll through the Texas A&M Facebook page to view the different ways the campaign is being promoted or watch the "hype video" on YouTube.
- Learn more about their annual planning process in the EDUCAUSE Review Security Matters guest blog, "Bridging the Gap Between Students and Security: 7 Steps to Creating a Successful Cybersecurity Campaign."
- University of California Office of the President: 2017 NCSAM Toolkit for the UC Community and Archive of the 2016 NCSAM Toolkit for the UC Community Note: You may request editable versions of the posters available on the UCOP website (contact info is listed there), but some images may not be replicated.
- University of Toronto: Information Security Awareness & Education Initiative at U of T (2017)
- Dartmouth Security Awareness Cartoons (created in collaboration with a local artist, Gabby Schultz at the Center for Cartoon Studies) Note: These cartoons can be printed as posters, sent as e-mails, posted on websites, and published in local newspapers.
- PDF or JPG versions are available for 5 cartoons: Sam Gets His Laptop Stolen; Sam's Password Heartache; Sam Walks the Copyright Plank; Sam Beams Up a Virus; Ho Ho, Oh No
- Auburn University Screensavers (2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016)
- The Ohio State University Robot and Bunny Desktop Background (2013)
Digital Messaging Screens
- Valparaiso University campus digital messaging screens (PowerPoint, 2015)
Some campus IT or Information Security departments create their own Facebook page to share updates, provide tips, and connect with users. Here are a few examples. HEISC is also on Facebook.
- Baylor University
- Indiana University
- Ithaca College
- Missouri State University
- Stony Brook University
- University of Connecticut
- University of Rochester
- University of South Carolina
- University of Washington
- Whitman College
- Cal Poly Pomona Cyber Security Fair Flyer (2014)
- Colorado Technical University NCSAM Flyer (2013)
- Northwestern University You're the Key Security Flyers (2008-2015)
- University of San Diego Security Flyer (2010)
- University of South Carolina Think Before You Connect Flyer (2012)
Games & Quizzes
- Florida State University: Be a Cyberhero! Game (2016)
- Georgetown's Jeopardy Game (2011): This PowerPoint presentation includes the game questions used during an "Information Security Jeopardy!" game for faculty and staff. This game provided a chance to discuss the policies relevant to information security, as well as other security topics. You are welcome to reuse and customize the slides for your institution's faculty, staff and/or students.
- Naval Postgraduate School CyberCIEGE Educational Video Game (2010): CyberCIEGE is a serious game designed to teach network security concepts. Its development was sponsored by the U.S. Navy, and it is used as an education and training tool by agencies of the U.S. government, universities, community colleges, and high schools. The game is freely available to the U.S. Government and a no-cost license is available for educational institutions.
- University of Rochester Zombie Survival Game (2013)
- University of Toronto: Patch vs. the Nefarious Code game (2017)
Giveaways & Tchotchkes
- American University reusable coffee/water cup
- Brown University phishing keychain and bags with Swedish fish & tips
- Harvard University security blanket
- Pepperdine University printed anti-phishing information on lens cloths as student give-aways. They used one of the previous student poster contest winners for the design. (2013)
- University of Northern Colorado iPhone 4 Case (2011)
- University of Rochester Scare Fair Security T-Shirt Design: These Halloween-themed shirts are used as give-aways when students play security awareness related games during the annual Scare Fair. (2011)
- HEISC is gathering security awareness materials and other information security resources on our Pinterest boards.
- Northwestern University Information Security News Podcasts (2011-2015)
- University of California Berkeley: Anti-Phishing Postcards (2013)
- University of Northern Colorado P2P File Sharing Postcard (2009), Computer Security Postcard (2010), and Zombie-Mobile Device Postcard (2011)
- Information Security Awareness Poster Contest Winners (2009, 2011, & 2013) Note: Download Zip files with the 2009 or 2011, or 2013 winning posters. You can also view the 2009, 2011, and 2013 poster contest winners on Facebook and Pinterest! If you need a higher resolution version of a poster, please contact email@example.com.
- Auburn University NCSAM Posters (2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016)
- Canisius College Cyber Security Awareness Month Posters (2009) Note: Please contact us if you would like to request the original Scribus source files.
- Florida State University Cyberhero Posters (2016): Cyberdog, Passwords, Phishing E-mails, Wi-Fi, Outdated Apps, Phishing Attacks
- Indiana University privacy and security posters (2005-present)
- RIT Information Security Awareness Posters (2013)
- University of California Berkeley: Anti-Phishing Posters (2013)
- University of Northern Colorado P2P File Sharing Poster (2009), Computer Security Poster (2010), and Zombie-Mobile Device Poster (2011)
- University of Texas at San Antonio Internet Meme Mini-Posters (2013)
- Valparaiso University Our Shared Responsibility Poster (2015)
- University of Cape Town: Create Better Passwords: Easy to Remember, Difficult to Hack (2014)
- University of Hawaii: Making Them Listen! Designing a Security Presentation for a Non-Security Audience (2010)
- University of Hawaii: SAMPLE Presentation - Protecting Yourself in Our Digital World (2010)
- University of British Columbia Digital Tattoo Project: The goal of the Digital Tattoo project and its website is to share resources to encourage you to think about your presence online, navigate the issues involved in forming and re-forming your digital identity and learn about your rights and responsibilities as a digital citizen.
- University of Northern Colorado Computer Security Table Tents (2010) and Zombie-Mobile Device Table Tents (2011)
Training & Tutorials
- Georgetown University's Approach: Building an Effective Training Program on a Tight Budget: Solutions for Training Faculty and Staff on Information Security Practices (2010)
- Ithaca College's Approach: You Are Not Alone: Pooling Regional Resources to Enhance Information Security Training (2010)
- University of Washington: Online training courses on malware, social media, phishing, mobile devices, passwords, and privacy.
Some campus IT or Information Security departments create their own Twitter page to share updates, provide tips, and connect with users. Here are a few examples. Let @HEISCouncil know if we should follow your campus or add a link here!
- Baylor University (@BearAware)
- Carnegie Mellon University (@MySecureCyber)
- Clemson University (@clemsonoisp)
- Indiana University (@ProtectIU)
- Ithaca College (@IC_INFOSEC)
- MOREnet (@MOREnetSecurity)
- RIT (@RIT_InfoSec)
- Rutgers University (@ru_secure)
- Stony Brook University (@SBUDoIT)
- University of Connecticut (@UConnISO)
- University of Idaho (@UIITSecurity)
- University of Massachusetts Lowell (@UML_IT_Security)
- University of Missouri - St. Louis (@UMSL_InfoSec)
- University of Notre Dame (@oitinfosec)
- University of San Francisco (@USFInfoSec)
- University of South Carolina (@UofSCtech)
- University of Virginia (@UVaISPRO)
- University System of Georgia (@USGINFOSEC)
- VA Tech (@VT_IT_Security)
- Information Security Awareness Video Contest Winners (2013, 2011, 2009, 2007, & 2006) Note: Download the 2013 videos via ShareFile or view them on the HEISC YouTube Channel and Facebook page.
- NCSA Video: Don't Be a Billy (2009)
- NCSA Video: When You Least Expect It (2007)
- Cornell University: Essentials to Avoid Online Scams (2015)
- Kansas State University IT Services Cyber Security Awareness Video (2011)
- Naval Postgraduate School CyberCIEGE Movies (2010) Note: These tutorial movies illustrate information assurance concepts explored by the CyberCIEGE game.
- Northern Arizona University: Protect Your Data - Lock Your Computer (2014)
- Portland Community College Videos: How Cyber Secure Are You?, Open House, You've Been Phished, and So Last Year (2016)
- RIT: Practicing Digital Self Defense Lightning Talk (2015)
- Rutgers University RUSecure Videos: Life as a Computer, Safepardy, and Secure vs Insecure
- Sophos: Wi-Phishing video (2016)
- Texas A&M University Videos: 5 episodes in the Don't be a Victim series (2010) Note: These and other videos are available on the TAMUIT YouTube Channel.
- University at Buffalo Personal Computing Security Video: Caught in the Act
- University of Rochester Information Security YouTube Playlist, including "The Top Ten" movie trailer (2015)
- Utah State University Videos: You Are Your Own Best Defense (2015), Don't Become a Victim (2015), and Don't Be Fooled (2015)
- UVA Responsible Computing Video: When I go to UVa...
Federal, state, and local governments also offer information security awareness resources. The following resources are samples developed for government audiences that you may want to consult as you develop materials for your campus.
- Defense Information System Agency (DISA) Information Assurance Support Environment (IASE) Cybersecurity Online Training
- Federal Trade Commission (FTC) Bulk Publication Order Website (free bulk quantities of FTC educational materials)
- Federal Trade Commission (FTC) Identity Theft Resource Page
- MS-ISAC NCSAM Toolkit
- National Cyber Security Alliance
- NIST Computer Security Resource Center (CSRC) Awareness, Training, and Education (ATE)
- NIST Special Publication 800-50: Building an Information Technology Security Awareness and Training Program
In addition to resources developed by institutions of higher education, the providers of IT products and services increasingly offer security awareness to end-users. Below is a sample of some of the cybersecurity awareness resources available from industry.
- American National Standards Institute (ANSI) Education & Training
- Center for Cyber Safety and Education - formerly the (ISC)2 Foundation
- ESET offers free cybersecurity awareness training
- Google Safety Center
- Microsoft Safety and Security Center
- PhishMe offers free computer based training materials
- SANS Institute's Securing the Human program (free resources include the SANS Security Awareness Newsletter OUCH! and the SANS Security Awareness Tip of the Day)
- The Security Awareness Company offers some free materials
- Symantec Security Awareness Program
- Wombat Security
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).