
SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Tip #2: Multimedia Tools, Online Training, and Useful Websites

Published: 2007-10-02
Last Updated: 2007-10-03 13:41:33 UTC
by Robert Danford (Version: 3)

Today marks Day 2 of Cyber Security Awareness Month. Today's topic comes off the agenda we compiled from over a hundred excellent submissions from readers.
Agenda: http://isc.sans.org/diary.html?storyid=3429

Multimedia Tools, Online Training, and Useful Websites

User education and awareness training requires creativity. There are a number of good sources for public materials and many sites end up tailoring their own.
This is a multi-part call for input. The first question: what sources have you found most useful?
What public materials do you see lacking?
And for folks who create their own materials or awareness and training programs, what have you found most useful to get points across?

Here are a few links to resources to get things started:
http://www.dhs.gov/xprevprot/programs/gc_1158611596104.shtm
http://www.educause.edu/7479
http://www.staysafeonline.info/

Sharing URLs is helpful, but it would provide even more benefit to describe experiences using some of these sites and materials, or to provide feedback on what is lacking in this space.

Many schools have been providing computer security and cyber-ethics education starting at a young age. Maybe our kids can teach us cyber security after they reset the clock on the DVD player and get the wireless router working.

So send us your tips, stories, and suggestions and we'll update this diary for Day 2 of Cyber Security Awareness Month.

Update #1

Theresa sent us these suggestions:

The following are handy and can help the general user.  I had linked to some as additional resources on an organization's Intranet and for a security awareness program that has not yet gotten off the ground (can't say I haven't tried...)

1.  SiteAdvisor quizzes - spam and spyware.
http://www.siteadvisor.com/analysis/   (see quizzes links)

2.  Internet security advice from the RCMP (Canada, eh?)
http://www.rcmp-grc.gc.ca/qc/infos_gen/publications/cybercrime/sec_web_e.htm 

3.  Internet safety advice from the Government of Canada
http://www.safecanada.ca/topic_e.asp?category=3

4.  CNet news Personal security dashboard (okay, a little advanced for the general user)
http://www.news.com/2009-1009-6038680.html

Update #2

Dave sent us this link:

http://www.nsi.org/

Paul sent us these:

http://www.sarc.com

http://www.microsoft.com/technet/security

Roseman sent us this note:

Teach end-users to spot Phishing scams with the "Anti-Phishing Phil" game:

http://cups.cs.cmu.edu/antiphishing_phil/ 

"Anti-Phishing Phil is an entertaining and fun way to inform your employees or customers about phishing attacks and how to avoid them."

(From Carnegie Mellon University)

Found the link thanks to ComputerWorld article:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9039758

Update #3

More submissions arrived overnight, including this from Hank:

As long as we are looking for useful training material we should not forget http://www.IOSS.mil. We always seem to overlook the need for good OPSEC depending upon our line of work.

Andrew sent us this list:

Here is a list that I have compiled for a Cyber Security Awareness program.

http://www.computersecurityday.org/

http://www.fishnetsecurity.com/SecureSkills+Training/Security+Awareness+DVD+Series/default.aspx

http://www.netsmartz.org/index.htm

http://csrc.nist.gov/ATE/

http://www.nsa.gov/ia/academia/acade00001.cfm

http://www.nsa.gov/ia/industry/indus00004.cfm

http://www.us-cert.gov/cas/tips/

http://www.us-cert.gov/reading_room/

http://onguardonline.gov/index.html

http://www.securityanalogies.com/index.php/Main_Page

The last link, security analogies, is pretty useful to put risks into terms that users can understand and relate to.

Nicolas sent us his list of favorite sites:

1. http://www.securitywizardry.com/radar.htm

This site is great if you are serious about security and need a lot of real time information on one page, like say for work. It gives you real time updates to your key security tools (Snort/NMap/Kismet/Wireshark/Metasploit/etc.), real time updates to your IDS/IPS (Juniper/Cisco/IntruShield/etc.), real time security news, and security vulnerabilities.

2. http://www.siteadvisor.com/

I use this on my main web browsers (IE/Fx). It is the best tool for anyone...especially the average PC user because once installed, it gives a red/green/or yellow mark with complete details to your search engine listing for searches. It tells you before you click on any link what type of sites are connected to that site, whether they are malicious or not. Very useful tool, it can be installed on IE, Firefox, and even the Outlook Express client.

3. http://centralops.net/co/

I use this tool daily. It is the best for quickly resolving a suspicious IP address or canonical name with multiple choices (I look up domain whois record/network whois record/DNS records). Very powerful, and free (up to 50 searches per day).

4. http://www.domaintools.com/

I use this daily as well. Great power tools on top of the Who Is Source, Reverse IP/Domain History searches, very useful when trying to get as much information in a short period of time for effective network analysis.

5. http://www.trustedsource.org/

Great new site for researching trustworthiness of a suspected malicious site. I don't know if any one site is enough when looking for accurate information, so use these powerful tools along with your knowledge/experience/and don't forget the most powerful tool of them all...GOOGLE :)

 
