security awareness: taking the medicine and liking it shirley c. payne director for security...

Security Awareness: Taking the Medicine and Liking It

Shirley C. PayneDirector for Security Coordination

University of Virginia

EDUCAUSE ConferenceOctober 4, 2002

Copyright Shirley C. Payne, 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational

purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to

republish requires written permission from the author.

Additional Contributor:

Scott Crittenden Publications & Communications Group

Information Technology & Communication Dept.University of Virginia

Agenda

U.Va.’s target audiences

Key components of security awareness program

Lots of examples

Publication tips

Critical success factors

TargetAudiences

StudentsFaculty

Healthcare Professionals

Local Citizens

Researchers

Staff

State/Local Govt.

Local Businesses

And, U.Va.’s Executive Management

U.Va.’s Security Awareness Program Consists of Many Components

Handbooks & Online Quiz

Security Topic Incorporated Into Various Courses

System Administrator Security Education

Meeting Presentations

Role-based Security Website

Virus & Worm Alerts

Articles, Web Ads & Handouts

Brochure Sample

Postcard Sample

Security Awareness Month Initiative

Video

Many Components Working in Concert

Builds a Security Aware Community

Publication Tips

Take the message to your audience

Put the message everywhere

Write to short attention spans

Make it real

Make ‘em laugh

Repetition is good

WebsitesUniversity Cable ChannelLocal Broadcast TVRadioBus CardsStudent NewspaperFaculty/Staff NewspaperLocal NewspaperHelp DeskDining HallsInformation Tables

Critical Success Factors

Place computer security in broader context of general security and safety issues

Partner with other institutional entities, e.g. Police, HR, student organizations, hospital, etc.

Be consistent in your message, but tailor it for varied audiences

Ensure awareness program is supported by effective security policies

More Critical Success Factors

Tackle greatest vulnerabilities first

Obtain input from front-line technical staff

Target all levels of the institution, and perhaps beyond institutional boundaries

Capitalize on expertise throughout the institution and on the institution’s partners

Don’t stop

Additional Information & Assistance:

Security Awareness Program Toolkit

Shirley Payne(434) 924-4165

payne@virginia.edu