| Anchor | ||||
|---|---|---|---|---|
|
Last reviewed: January 2016June 2017
| Tip | ||
|---|---|---|
| ||
If you're just getting started with a Security Awareness Program and you just need the basic information, check out the Security Awareness Quick Start Guide. Other resources of interest might include the Cybersecurity Awareness Resource Library and , the NCSAM Resource Kit, and the new Annual Campus Security Awareness Campaign framework and materials. |
Detailed Instruction Manual (Advanced)
...
Another approach is outlined in the new annual campus security awareness campaign, which is a framework designed to support security professionals and IT communicators as they develop or enhance their own security awareness plans. Materials include a printable 2016 calendar with monthly security topics and 12 blog posts on the monthly topics with ready-made content for your campus communications channels. (Two dozen guest blogs were developed as part of the 2016 and 2017 campaign materials. Twelve new blogs for the 2018 campaign will be available in the fall.)
You can use these resources to create a steady stream of privacy and security awareness information for faculty, students, and staff. Adapt the content to make it work with your current plans and campus needs--promote each suggested topic monthly or use a 90-day awareness plan to promote a group of topics quarterly.
Guard Your Privacy Online #Privacy
Securing Mobile Devices #MobileSecurity
Don’t Get Hooked #Phishing
Prevent Device Theft #PhysicalSecurity
Tunnel Your Way into Secure Computing with VPN #VPN
What’s Your Personal Backup Plan? #StolenDevice
Make Your Browsing Productive and Safe #SafeBrowsing
Will Your Password be Unbroken? #StrongPasswords
Passwords Information Security: Everyone’s Responsibility #CyberAware
It Could Happen to You #IdentityTheft #IDTheft
Managing Your Online Reputation #SocialMediaSafety
For additional suggested themes and For additional suggested themes and ideas see the NCSAM Sample Kit or Cybersecurity Awareness Resource Library.
...
As the Security Awareness Quick Start Guide mentions, leverage the work of other EDUCAUSE institutions that make their work available, in addition to other non-higher ed resources, such as sites by the National Cyber Security Alliance and the U.S. Federal Government (e.g., OnGuardOnline.gov or Stop.Think.Connect.). You can find great topics and plenty of reusable content - either to link to or repurpose on your site.
...
Since the emergence of YouTube, and its popularity, Purdue has created short informational videos that were played on its television network system, providing another means to deliver the message to be careful while on the internet.
Short informational videos are also popular and can be shared via websites, social media, or TVs on campus.
- Utah State University videos: You Are Your Own Best Defense, Don't Become a Victim, and Don't Be Fooled
- Purdue University videos
- Purdue videos: Spammy, Social Networking, Keep Romance Alive, and Spam Guard
- Find additional Purdue videos on YouTube: Anti-Virus PSA, Delete Unsolicited Messages, and Privacy on Social Networks
Additional materials could include postcards, bookmarks, flyers, screensavers, etc.
- Talk like Like a Pirate Day (September 19)
...
New Mexico State University developed in-house IT Compliance and Security Awareness training for faculty, staff, and students. More details about NMSU's approach are detailed in the EDUCAUSE Review article, "IT Compliance Framework for Higher Education."
Partner with your institution’s learning and development team so your training materials incorporate best designs and techniques for adult learning and engagement. If you are interested in learning more about instructional design, consider reading 7 Things You Should Read About Innovative Approaches to Instructional Design.
Outsourcing
Learn more about third-party security awareness training tools, who might use these tools and why, as well as the benefits and risks to consider when using these tools. This resource also includes a list of technologies or tools that an institution might consider using for security awareness training efforts (e.g., PhishMe, SANS, TeachPrivacy, Wombat).
...
One critical task for IT or information security departments is communicating about campus policies and procedures. This includes highlighting the most important components of those policies, communicating with students, faculty, and staff through training or other in-person educational events, and following up with students, faculty, and staff to ensure their understanding. Also be sure to include training on how and where the client can easily look up less frequently discussed policies and standards.Longwood University started to summarize the institution's most important policies and procedures. This includes the Acceptable Use of Information Technology Resources and Systems policy, which is also available in a more user friendly 1-page Acceptable Use policy summary (PDF). up less frequently discussed policies and standards.
Additional policy website examples:
...
Brown University provides the Phish Bowl, a central repository for reports of or questions about phishing incidents.
Princeton University also hosts a Phish Bowl on the information security office's website that shows the latest phishing alerts.
RIT maintains an Information Security Alerts and Advisories website about recent job scams, phishing attacks, and vulnerabilities.
The University of Rhode Island posts warnings to its Information Security Alerts page.
The University of Arizona has a web page dedicated to phishing alerts. (For reference, see the Top 10 Phishing Lures of 2015 and the Top 10 Phishing Attacks of 2014 recent scam alerts from the FTC.)
Longwood University provided an identity theft scam alert in 2013 and an eBay data breach alert in 2014.
...
- APWG News
- CERT (shares recent vulnerabilities on their home page)
- Cybersecurity Nexus (ISACA Threat Watch)
- MS-ISAC Cyber Security Tips Newsletter
- SANS Awareness Tip of the Day
- SANS Internet Storm Center
- SANS OUCH Newsletter
- US-CERT Alerts
- US-CERT Tips
- Security Discussion Group: Subscribe to this EDUCAUSE community listserv to stay informed about information security issues in higher education.
REN-ISAC: Join the Research and Education Networking Information Sharing and Analysis Center (please see the membership page for instructions on how to join).
...