Training Your Pigs to Dance on a Shoestring - How to Run a Security Awareness Programme
No ratings
Presented at AUScert 2010 by
The presentation is split into three parts: 1. A short amount of time will be spent discussing the importance of breaking down the daunting task of 'educating users' into the three streams of awareness, training and education. A plan for an ongoing series of awareness campaigns will then be shared, explaining how such a plan can be customised for any organisation. 2. An expose of awareness materials created by the Inland Revenue Information Security team. The presenter will share posters, web pages, podcasts, surveys, fact sheets, competitions and interactive activities covering a range of topics including information classification, malware, passwords, portable storage and more. As the various resources are shared, the presenter will describe how they were produced using largely open source and /or free materials. This section will be littered with humorous anecdotes. 3. The third part will cover some of the important lessons learned along the way including the importance of making the programme relevant to your organisation’s culture, the value of building and maintaining relationships, the need to have a sound policy base, why you shouldn’t take yourself too seriously, and remembering that the key is to make it easy for employees to comply. Intended Audience: Anyone with responsibility for planning and or implementing a security awareness programme, or anyone considering doing so. Objectives: Participants will: - Leave with a bundle of tips and templates for creating engaging and interactive awareness activities in-house. - Take away lessons learned from experience such as the importance of sticking to corporate identity guidelines, and the value of offending just the right number of people. - Take a first step towards planning an awareness campaign for their own organisations. Assumptions: The presentation is not designed to argue the case for an awareness programme. It is assumed that participants already consider awareness a crucial component of any security programme.