Dear Dashti,
There are some special trainings where you can learn more about how to build
an efficient information security awareness within your organisation, but
these are some basic tips:
- try to align the awareness program to your company information security
policies,
- adjust the training to the specific incidents or risks that are most
common to your organisation,
- use graphs, statistics, films, posters, banners etc - try to make a
dynamic but also an ongoing process,
- do not forget to measure the efficiency of the whole program,
- I would personally start from the top management.
Try different consultants and awareness vendors, for sure they can help you
with some ideas. My friends at infosecuritylab used to offer three months
free awareness training - so you can train your staff for free by a computer
supported environment and see, if this is applicable for you. Sometimes it
is easier to do face-to-face training. Also I would recommend you to see the
video that was prepared and shows the entire process:
http://www.infosecuritylab.com/downloads/walkthrough/walkthrough.wmv.
One of my students recently managed to get all the information from a bank
account in less then 6 hours spent on the phone, by using specific topics of
social engineering. It is a long story, but you would not believe, how
simple it can be. Bank employees are specially vulnerable to those attacks,
therefore try to do some awareness in the most simple areas of information
security.
Be secure,
A.
P.S.: Try to measure whatever you do, so you can improve the process in the
future!
Dear all ...
Can someone help me on how to build good IT Security Awareness
program ..
Thanx
May A Dashti
IT Security Officer
Risk Management
Kuwait Real Estate Bank
Tel. (965) 888 999 - Ext. 3144
