SECURITY AWARENESS PROGRAMS

NIST 800-50: Security Awareness and Training Program
This NIST publication provides detailed guidance on designing, developing, implementing, and maintaining an awareness and training program within an agency's IT security program.

ENISA: A Users' Guide: How to Raise Information Security Awareness
This document illustrates the main processes necessary to plan, organise and run information security awareness raising initiatives: plan & assess, execute & manage, evaluate & adjust. Each process is analysed and time-related actions and dependencies are identified. The process modelling presented provides a basis for "kick-starting" the scoping and planning activities as well as the execution and assessment of any programme. The Guide aims to deliver a consistent and robust understanding of major processes and activities among users.

NIST 800-16: Information Technology Security Training Requirements (188 pages)
The overall goal for use of this document is to facilitate the development or strengthening of a comprehensive, measurable, cost-effective IT security program which supports the missions of the organization and is administered as an integral element of sound IT management and planning. Protecting the value of an organization's information assets demands no less. This approach allows senior officials to understand where, in what way, and to what extent IT-related job responsibilities include IT security responsibilities, permitting the most cost-effective allocation of limited IT security training resources.
Appendix A-D      Appendix E

Building a Security Awareness Program - CyberGuard
Hackers, worms and viruses grab the headlines, but the real threat often comes not from outside the organization but within. Social engineering and unhappy employees pose very real risks to network security. How do you address the problem? This article offers a practical approach to setting up an effective security awareness program that gets everyone in the organization on board.

Security Awareness Toolbox - The Information Warfare Site
The Security Awareness Toolbox contains many useful documents and links. The Main Documents section was contributed by Melissa Guenther. The Toolbox is a rich source of awareness material.

SANS Reading Room - Security Awareness Section
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large.

University of Arizona Security Awareness Page
The UA security awareness site contains awareness presentations, videos and posters. It's a good site to explore.

IIA Tone at the Top Awareness Newsletter
Mission: To provide executive management, boards of directors, and audit committees with concise, leading-edge information on such issues as risk, internal control, governance, ethics, and the changing role of internal auditing; and guidance relative to their roles in, and responsibilities for the internal audit process.


Security Awareness Tips

Stop.Think.Connect.
The Stop.Think.Connect. Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.

StaySafeOnline
The Internet is a powerful and useful tool, but in the same way that you shouldn't drive without buckling your seat belt or ride a bike without a helmet, you shouldn't venture online without taking some basic precautions.

National Institute for Cybersecurity Studies (NICS)
To make cybersecurity materials more readily available, the government developed NICS. It serves as a national resource for government, industry, academia, and the general public to learn about cybersecurity awareness, education, careers, and workforce development opportunities.

SANS Securing The Human Program
The SANS Securing The Human Program provides everything your organization needs for an effective security awareness program. This site includes free resources to make your security awareness program a success, including project plans, awareness surveys and execution checklists.

Cyber Security Tips - US-CERT
Cyber Security Tips describe common security issues and offer advice for non-technical home and corporate computer users. Although each one is restricted to a single topic, complex issues may span multiple tips. Each tip builds upon the knowledge, both terminology and content, of those published prior to it.

Cyber Security Alerts - US-CERT
Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. They are released in conjunction with Technical Cyber Security Alerts when there is an issue that affects the general public. Cyber Security Alerts outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.

Security Awareness Tips - Gideon T. Rasmussen
Security tips are a key component to any awareness program. They should advise of best practices and reinforce policy. These tips are written with the average person as the intended audience. The site randomly displays information security tips. Companies can use it internally to educate their user community. The site and script are free to download.


Security Awareness Posters

Information Assurance Awareness Posters - Information Warfare Site
These awareness posters were provided as a courtesy by Keesler Air Force Base. You may download the posters and submit them to your graphics department to tailor to your organization's specifications. This page includes links to posters on other sites as well.

