My Thoughts - Disclaimer Opinions are those of the author and do not necessarily reflect a position of CTSC or any funding agency.
Stakeholders ● Parent Institution ● Helpdesk Staff ● External Institutions ● Public Relations Dept ● Funding Agencies ● Legal Dept ● Senior Management ● Human Resources Dept ● PIs and managers ● IT Staff ● Cybersecurity Team ● Internal - end-user (by function) ● Infrastructure Admins ● External - end-user (by function) ● Code developers ● Contractors/sub-contractors ● Web designers ● Anonymous ● Desktop Admins
Typical Topic Areas ● Security Awareness ● You Are The Target ● Social Engineering ● Email and Instant Messaging ● Using Your Browser Safely ● Passwords ● Encryption/Data Protection ● Mobile Devices ● Protect Your Computer ● Wi-Fi Security ● Social Networking ● Reporting a Security Incident
Why Do We Fail? ● Too many topics ● Too much information ● Infrequent delivery ● Not relevant to daily tasks ● Poor practices ● No management backing ● No consequence for poor security
How Do We Succeed? ● Select only a few topics at a time ● Concentrate on indicators of danger ● Continuous w/ periodic check-ups ● Tailor message to the audience ● Practice what you tell others to do ● Ensure management understands ● Obtain support for consequences
Remember ... Shameless plug ….
CTSC Provides Training for CI Professionals
CTSC has Slides for End-User Training Contact: Jim Marsteller (jam@psc.edu) for more information. The slide deck covers the “typical topics”: https://docs.google.com/presentation/d/1bS19nStvQOODmH-PqW8Lro0n49H3L__o2EhfHrY08Go
CTSC Guide Template - Acceptable Use Policy
CTSC Guide Template - Incident Response Policy
A Note About Privacy Policies ...
Thank You! We thank the National Science Foundation (grant 1234408) for supporting our work. The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.