End-user awareness education for company newsletter

Tags:
Application security
backdoors
Career Development
Current threats
Database
Encryption
Hacking
human factors
Instant Messaging
Microsoft Exchange
Secure Coding
Security
Spyware
Training
Trojans
Viruses
worms
I have been given the task of developing user awareness 1-pager fact sheets to be distributed on a monthly basis in our company newsletter and posted on our intranet. I can write these from scratch but was hoping not to have to reinvent the wheel. Help?

Answer Wiki

Thanks. We'll let you know when a new response is added.

What is the area of discussion, or topic(s)? Information security awareness?

Discuss This Question: 11  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • CalendarGirl
    Sorry. I only sent this out to security people, so yes...IT security. I'm thinking topics would include education on phishing, social engineering, what kind of e-mail not to open, why strong passwords are important -- that sort of thing. If you know of any good online resources, I'd be grateful. Thanks!
    0 pointsBadges:
    report
  • Bobkberg
    I just did a Google search for "user-awareness training", and came up with quite a few relevant hits. There are companies out there producing training materials. For subject basics, I'd suggest the following areas as a starter... - How to avoid viruses, worms, trojans and such (be careful what you download and open - things are not always what they seem to be) - Copyright versus copying (Peer to peer, pirated software, etc.) - Social Engineering (Not giving out unnecessary information, polite challenging and verification) - Protecting confidentiality (Emailing in the clear, sharing drives/folders, authorized, need-to-know, locking screens, legal compliance) - Patching (explain vulnerabilities at multiple levels, network, web pages/servers/browsers, applications, etc. Hope that helps, Bob
    1,070 pointsBadges:
    report
  • CalendarGirl
    Thanks Bob!
    0 pointsBadges:
    report
  • DrillO
    I generally use articles from some of the better known Anti-virus/Sercurity companies.......users seem to like it. You might consider subscribing to some newsletters. good luck Paul
    15 pointsBadges:
    report
  • ItDefPat1
    I would be real careful to keep it simple. One idea is to report on what the mainline media (e.g. CNN, ABC, etc.,) reports. This will keep the topics simple enough for almost any audience. CNN has a good security/privacy newsletter that is pertinent and easy to read. Also, you might get more attention if you mix InfoSec with news, like ID fraud, and privacy issues. The latter are more personal and focused. If you are doing for your enterprise, you'll want to tie the topics to business issues. Compliance organizations (e.g. http://www.itcinstitute.com/ and many others) might also give other facets for discussion. Your efforts aren't training, you want awareness. If you can instigate discussion, then you are probably succeeding. Look for anecdotal stories (real events and experiences) more than just facts. You might glean some from sources like Computer Security Institute, which annually collaborates with the FBI (these reports mostly show that insiders are the bigger, worse problem . . . ;-). Also look at the ISC2 CISSP BOK and ISACA CISM BOK. ISC2 materials will describe this under Awareness, OpSec, Security Managment; ISACA describes in Governance, Security Program Mangement. Feedback if you need more . . .
    15 pointsBadges:
    report
  • CalendarGirl
    Paul, That's a good idea...what about copyright? Do you just rephrase/refocus or do you know of a company who gives the content away for free? I must confess I was hoping to find some .org or .gov site that would supply me with content for free (and all I'd have to do was organize it or add a couple sentences to align it with our company policy) but have been unable to find much free stuff. Like Bob said, above, there's plenty of companies willing to sell me stuff but I have no budget for this.
    0 pointsBadges:
    report
  • Eddieb61
    Here is a nice site that may give you some tips and ideas...hope it helps! http://www.infosyssec.net/infosyssec/secpol1.htm
    0 pointsBadges:
    report
  • Stanslad
    Perhaps if you put something in that would help users with their home pc/internet use in addition to corporate messages they would be more inclined to read it.
    0 pointsBadges:
    report
  • Poppaman2
    You might also wish to look at some of the stuff that the SANS Institute puts out - I realize it's a bit on the geeky side for a general information type of newsletter, but it might be good to have a "Dummies" style link to additional information if someone wants to see a more in depth discussion of a particular issue. Check here: http://www.sans.org/newsletters/ especially their "Ouch!" newsletter. Check with them for reprint permissions (I don't know whether you'll need them or not). You might also be interested in their "Newsbites" newsletter: it has lots of good useable stuff in it... Check with The Register as well: Simon Trafaglias VERY irreverent BOFH series might make an amusing addition on occasion...
    0 pointsBadges:
    report
  • Solutions1
    If you implement a blog and/or an internet news aggregator, you can then enroll in RSS feeds from various publications, vendors or other sources. RSS will feed stories into your blog and then you can pick which one to publish in the newsletter. Yahoo, Google and others provide free blog and news aggregator capabilities.
    0 pointsBadges:
    report
  • Spywarebiz
    There are tons of great Articles out there for free reprint. I write articles to promote by Business and i submit em to about a zillion great article sites. Take Care
    90 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following