Hi,
We do a series of social engineering tests on the users and disclose the
results during the Information Security Training program. We stress on
psychological aspects and how Social Engineers use this to compromise
information through human beings.We have seen that this adds a new angle
to the training and makes it interesting.
Apart from this we do the regular password, email, Internet usage
guidelines etc.
Warm Regards,
Anup
Dan Jacob wrote:
For one major client, we developed a web-based Information Security
knowledge assessment, which we deployed instead of a refresher course.
It consists of 24 interactive quesions covering about 10 disciplines.
End-users receive immediate feedback--whether they answer each
question right or wrong--and it enabled my clients to identify areas
of recurring knowledge gaps (which, presumably, they're remediating
offline).
Hope this helps.
Dan Jacob
On 5/17/06, *Buowari, Dagogo (IMT/521)* <Dagogo.Buowari@nlng.com
<mailto:Dagogo.Buowari@nlng.com>> wrote:
Hi List,
My company has had a very successful Information Security
awareness program for the last two years and I'm looking at
reviewing the entire process to enable us continue with the gains
made so far without the annual program becoming monotonous and
people's expectations changing in the negative direction.
Basically, what we used to do is sensitive staff during the week
by way of email, quizzes, etc. Holding Information security
awareness clinics where they attend a one-hour program to watch
video on Information Security, they ask questions and are told of
new events in the IT industry.
Any advise?
Thanks.
Regards,
Dagogo Buowari
Disclaimer Notice This e-mail, any attachments thereto and
response string is intended solely for the attention and use of
the addressee(s) named herein and may contain legally privileged
and/or confidential information. In the event that you are not the
intended recipient(s) of this e-mail and any attachments thereto,
be notified that any dissemination, distribution or copying of
this e-mail and any attachments thereto, is strictly prohibited.
If you have received or otherwise encountered this e-mail in
error, please immediately notify the sender and permanently delete
the e-mail, any attachments and response string as well as any
copy printout in connection therewith.
--
Dan Jacob
917.647.0880
www.hcAnalytics.com <http://www.hcAnalytics.com>
--
Warm Regards,
Anup Narayanan
CISA, CISSP
Founder & Sr. Consultant
First Legion Consulting,
2nd Floor, Melka Tower,
Cheruparampath Road,
Kochi, Kerala, India, Pin - 682020
www.firstlegion.net
Information contained and transmitted by this e-mail is confidential, proprietary, and legally privileged data of First Legion Consulting Pvt. Ltd, that is intended for use only by the addressee. If you are not the intended recipient, you are notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited and you are requested to delete this e-mail immediately and notify the originator. Opinions, conclusions and other information in this message that do not relate to official business of the company shall be understood to be neither given nor endorsed by First Legion Consulting. The recipient should scan this email and any attachments for viruses as First Legion Consulting is not liable for the presence of viruses in this email. First Legion Consulting does not accept liability for any errors or omissions as the internet communications cannot be guaranteed to be timely, secure, error or virus-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete.
To know more about First Legion Consulting, please visit
http://www.firstlegion.net
