Cyber Security Awareness Month

Cyber Security Awareness Month - 2010
October is Cyber Security Awareness Month, and as we have done the past three years we plan to use our handler diaries throughout the month to conduct a deep dive into various security issues. In 2007 we covered a large range of subjects based on what our readers submitted as ideas. In 2008 we took a closer look at the six steps of incident handling. Last year we examined 31 different ports/services/protocols/applications and discussed some of the major security issues plus passed along reader comments on tips and tricks for securing it. This year we are going to "borrow" an idea from Lance Spitzner and focus on ways to Secure the Human. In other words, we are going to talk about Layer 8, the carbon layer. We're still finalizing our list but here is how we think it will go each day in October. We plan to discuss the actions taken by people, rather than ports, protocols, software, etc. as we've done the past few years. Week One (Oct 1-9) Parents and extended family 1 - Securing the family PC 2 - Securing the family network 3 - Recognizing phishing and online scams 4 - Managing email 5 - Sites you should stay away from 6 - Computer monitoring tools 7 - Remote access and monitoring tools 8 - Patch management and system updates 9 - Disposal of an old computer Week Two (Oct 10-16) Children, schools, and young friends 10 - Safe browsing for pre-teens 11 - Safe browsing for teens 12 - Social media usage 13 - Online bullying 14 - Securing a public computer 15 - What teachers need to know about their students 16 - Securing a donated computer Week Three (Oct 17-23) Bosses 17 - What a boss should and should not have access to 18 - What you should tell your boss when there's a crisis 19 - VPN and remote access tools 20 - Securing mobile devices 21 - Dealing with insane requests from the boss 22 - Security of removable media 23 - Importance of compliance Week Four (Oct 24-31) Co-workers 24 - Using work computers at home 25 - Using home computers for work 26 - Sharing office files 27 - Use of social media in the office 28 - Role of the employee 29 - Role of the office geek 30 - Role of the network team 31 - Tying it all together By the way, Cyber Security Awareness Month has expanded beyond the United States. Since 2007, Canada also recognizes the month of October for cyber security awareness. If you know of other countries that are recognizing October as Cyber Security Awareness Month, please pass them to us via our contact form and we'll update this diary to get a more complete list. Canada: http://www.publicsafety.gc.ca/prg/em/cbr/index-eng.aspx United States: http://www.dhs.gov/files/programs/gc_1158611596104.shtm As the month goes on all diaries in this set can be found with the following link: http://isc.sans.edu/tag.html?tag=2010%20cyber%20security%20awareness%20month Marcus H. Sachs Director, SANS Internet Storm Center	Marcus 301 Posts ISC Handler Oct 1st 2010
Thread locked Subscribe	Oct 1st 2010 1 decade ago
Another patronising Cyber security awareness month. Andrew	Anonymous
Quote	Oct 1st 2010 1 decade ago
Patronising? Maybe to you. Submit something that's useful if you're so bored with the topics presented. The human element is an important issue for many people and needs to be addressed. I use the topics presented here as a part of training for my end-users.	Snow 1 Posts
Quote	Oct 1st 2010 1 decade ago
I think these are great topics and I can't wait to read them. We're trying to implement a security awareness campaign at my company and I plan to share some of these tips with our users. I think it's important to teach users overall best practices rather than limiting them to only what they should do at the office. They care more when it's their own information on the line so good habits fostered at home by teaching the person can carry over to protecting corporate systems/data.	Joe 1 Posts
Quote	Oct 1st 2010 1 decade ago
One of the most important things about the community we have here on the ISC site is the war stories. I think that all of us learn more from a tale of someone's concrete problem, its fix or not, and the post mortem. I know that I certainly feel better about a technique or explanation founded in reality over an imaginary one... e.g. and the punch line is "Assume a firehose..."	BezantSoft 14 Posts
Quote	Oct 3rd 2010 1 decade ago
Patronizing: Treat with an apparent kindness that betrays a feeling of superiority. Exactly how is Cyber Security Month or the specific listing of items to be covered patronizing? (It is unclear what you are objecting to.) Further, in what way is your comment constructive, illuminating or germane to the discussion? Or, do you simply enjoy wasting peoples' time with such arrogant burbling? Personally, I find the month's topics generally interesting. It gives me a view as to what issues others are dealing with, and some of their solutions. No matter how much I may know (after forty years in the industry that is a fair amount), there is always something that may be new, overlooked, forgotten or simply intriguing. Sharing knowledge is a hallmark of wisdom. So, I look forward to each day's topics, if nothing else to assure myself that I have not missed something I ought to be aware of, as I am neither perfect nor omniscient.	Rastech 18 Posts
Quote	Oct 4th 2010 1 decade ago
Marcus - This diary page would be more useful as a "jumping off point" if the topics were converted to links as the various items are published.	Ken 40 Posts
Quote	Oct 13th 2010 1 decade ago
All diaries can be found by using the following link. isc.sans.edu/… After the month is complete a summary will be produced which will contain all the links.	Rick 317 Posts ISC Handler
Quote	Oct 13th 2010 1 decade ago