Building
a Security Awareness Program - CyberGuard
Hackers, worms and viruses grab the headlines, but the real threat
often comes not from outside the organization but within. Social
engineering and unhappy employees pose very real risks to network
security. How do you address the problem? This article offers
a practical approach to setting up an effective security awareness
program that gets everyone in the organization on board.
NIST
800-50: Security Awareness and Training Program
This NIST publication provides detailed guidance on designing, developing, implementing, and maintaining
an awareness and training program within an agency's IT security program.
NIST 800-16:
Information Technology Security Training Requirements (188 pages)
The overall goal for use of this document is to facilitate the development or strengthening of a
comprehensive, measurable, cost-effective IT security program which supports the missions of the
organization and is administered as an integral element of sound IT management and planning. Protecting
the value of an organization’s information assets demands no less. This approach allows senior officials
to understand where, in what way, and to what extent IT-related job responsibilities include IT security
responsibilities, permitting the most cost-effective allocation of limited IT security training
resources. Appendix A-DAppendix E
Security
Awareness Tips - Gideon T. Rasmussen
Security tips are a key component to any awareness program. They
should advise of best practices and reinforce policy.These tips
are written with the average person as the intended audience.
The site randomly displays information security tips. Companies
can use it internally to educate their user community. The site
and script are free to download.
Security
Awareness Toolbox - The Information Warfare Site
The Security Awareness Toolbox contains many useful documents
and links. The Main Documents section was contributed by Melissa
Guenther. The Toolbox is a rich source of awareness material.
SANS
Reading Room - Security Awareness Section
Most of the computer security white papers in the Reading Room
have been written by students seeking GIAC certification to fulfill
part of their certification requirements and are provided by SANS
as a resource to benefit the security community at large.
NoticeBoard
Newsletter
NoticeBored offers a free awareness newsletter covering a different
information security topic each month. The newsletter provides
an introduction to the monthly topic, describes the information
security risks and outlines the remaining security awareness materials
delivered to NoticeBored customers.
Security
Awareness Group - Yahoo Groups
The security awareness group provides a forum to discuss awareness program methodologies and share
security awareness tips. Those interested in learning more about information security will benefit from
the exchange of tips and the opportunity to ask questions.
Security Awareness Posters
Attentus Healthcare Company in cooperation with DasSign has provided
security awareness posters in the interest of public education.
These posters can be used and distributed freely without obligation.
Security
Awareness Posters - Information Warfare Site The Information Assurance Awareness posters were provided
as a courtesy by Keesler Air Force Base. You may download the
posters and submit to your graphics department to tailor to your
organizations specifications. This page includes links to posters
on other sites as well.
