Donald Hester
April 20, 2010
For audio call Toll Free 1-888-886-3951 and use PIN/code 254482
IT Best Practices for Community Colleges Part 4: Awareness Training
Housekeeping
• Maximize your CCC Confer window.
• Phone audio will be in presenter-only mode.
• Ask questions and make comments using the chat window.
Adjusting Audio
1) If you’re listening on your computer, adjust your volume using the speaker slider.
2) If you’re listening over the phone, click on phone headset.
Do not listen on both computer and phone.
Saving Files & Open/close Captions
1. Save chat window with floppy disc icon
2. Open/close captioning window with CC icon
Emoticons and Polling
1) Raise hand and Emoticons
2) Polling options
Awareness is not training
The purpose of awareness presentations is simply to focus attention on security
Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly
Security awareness efforts are designed to change behavior or reinforce good security practices
In awareness activities, the learner is the recipient of information; the learner in a training environment has a more active role
Awareness relies on reaching broad audiences with attractive packaging techniques
Training is more formal, having a goal of building knowledge and skills
Cycle of Security Training Awareness Program
Establish a policy
Assign responsibility (CIO, Director)
Needs assessment
Develop Awareness and Training Materials
Implementation of the program
Update and monitor program
What awareness, training and/or education are needed?
What is currently being done to meet these needs?
How well is it working?
Which needs are most critical?
NIST SP 800-50 has a Sample Needs Assessment and Questionnaire
Availability of Material/Resources
• In house or outsourced
Role and Organizational Impact
• How will this help people do their job
• How will this help us reach our overall goals
State of Current Compliance
• How informed are staff and students about security and privacy practices
Critical Project Dependencies
• Funding
“What behavior do we want to reinforce?” (awareness)
“What skill or skills do we want the audience to learn and apply?” (training)
Watch out for the “we’re here because we have to be here” attitude
An awareness and training program can be effective, if the material is interesting and current
One way to get users involved and invested in the training is to make the training cover topics they are interested in
For example, a class on “Facebook” or “MySpace”
Users are interested in what they are interested in; use it to your advantage
• Password usage and management
• Unknown e-mail attachments
• Policy
• Personal use and gain issues
• System and application patching
• Personal systems at work
• Web usage
• Data backup and storage
• Social engineering
• Inventory and property transfer
• Portable device issues
• Laptop security
• Physical security
• Software licensing
• Use acknowledgements
Use marketing skills
Get students involved
Assignment for class
Branding
Use Social Media
Use Posters
Use Email reminders
Leverage Safety Awareness
Mascots
Alerts
Website notices
RSS Feeds
Posters
Emails
Announcements
Logon banners
Seminars and classes
Games and contests
Awards
Use real life examples of incidents
Use incidents as an opportunity to teach “what not to do”
The news has stories every day you can use
The best stories are often those “closest to home”
Upon hire and annually thereafter
Must complete before access is granted
Serves as notification (legal)
What do they need to know to do their job
A basic IT security course – often online
http://blogs.technet.com/askds/archive/2008/02/08/deploying-legal-notices-to-domain-computers-using-group-policy.aspx
Some people question the usefulness of these warnings
However it serves at the least as a subconscious reminder
Legal questions arise
Continuous improvement should always be the theme for security awareness and training initiatives, as this is one area where “you can never do enough.”
Frequency that each target audience should be exposed to material
Documentation, feedback, and evidence of learning for each aspect of the program
Evaluation and update of material for each aspect of the program
Is this working???
Training is separate from awareness but there are overlapping areas
The goal of training is to produce relevant and needed skills and competencies
It is crucial that the needs assessment identify those individuals with significant IT security responsibilities, assess their functions, and identify their training needs
Training plan should identify an audience, or several audiences, that should receive training tailored to address their IT security responsibilities
Each user may need specific training for their job
• Network admins may need Windows or Cisco security training
• Admissions may need special training for handling student records
This course falls under training
Focus on job role skills and competencies
• Specifically tailored for managers and decision makers
• Designed to help them (You) with their job function
Online delivery (CCCConfer)
Live instructor and recorded archive
Sufficient funding to implement the agreed-upon strategy
Appropriate organizational placement to enable those with key responsibilities to effectively implement the strategy
Support for broad distribution (e.g., web, e-mail, TV) and posting of security awareness items
Executive/senior level messages to staff regarding security
Use of metrics (e.g., to indicate a decline in security incidents or violations)
Managers do not use their status in the organization to avoid security controls that are consistently adhered to by the rank and file
Level of attendance at mandatory security forums/briefings
Recognition of security contributions (e.g., awards, contests)
Motivation demonstrated by those playing key roles in managing/coordinating the security program
Consider Partnerships
• Other community colleges have the same needs – work together
Books
• Managing an Information Security and Privacy Awareness and Training Program ISBN 978-1439815458
Standards and Guidance
• NIST SP 800-50 Building an IT Security Awareness and Training Program
Posters
• Monthly subscriptions http://www.securityawareness.com/postersub.htm
• New York http://www.cscic.state.ny.us/cscorner/events/2008/index.cfm
Social Media Example
• http://www.facebook.com/group.php?gid=245570977486
Donald E. Hester
CISSP, CISA, CAP, MCT, MCITP, MCTS, MCSE Security, Security+
Maze & Associates
@One / San Diego City College
www.LearnSecurity.org
http://www.linkedin.com/in/donaldehester
http://www.facebook.com/group.php?gid=245570977486
Q&A
Evaluation Survey Link
Help us improve our seminars by filling out a short online evaluation survey at:
http://www.surveymonkey.com/s/10SpIT4
Thanks for attending
For upcoming events and links to recently archived seminars, check the @ONE Web site at:
http://onefortraining.org/