Some great resources are provided below, Enjoy, Dan  _________________________   _______________________________________________________________

Have you done anything recently to raise the security awareness & understanding within your organization? (i.e. how can you have effective security if management and staff do not understand what is required?)

 

I want to point out a truly excellent source of guidance, ideas, tools, etc, to support

your ongoing (endless?) educational awareness efforts; that is; Gary's web site and

his various products and services. A great place to start (in studying Gary's vast effort) is his "freebies" section, i.e. http://www.noticebored.com/html/freebies.html

 

Check it out. (i.e. why start from scratch).

 

I'd also welcome hearing about your sucess stories and the favorite resources that helped you succeed (in raising security awareness and understanding) within your organization.

 

Finally, there are many leading resource available and I've provided a few favorites below.

 

HAGWE.

 

Dan

__________________________________________________________________________

References and recommended reading

1. ·     "Managing an Information Security and Privacy Awareness and Training Program" book by Rebecca Herold
2. ·     "Spies Among Us" book by Ira Winkler
3. ·      "Information Security Policies, Procedures, and Standards" book by Tom Peltier
4. ·     "The Art Of Deception" book by Kevin Mitnick
5. ·     "Building An Information Security Awareness Program" book by Mark Desman
6. ·     "Building an Information Technology Security Awareness and Training Program" NIST Special Publication 800-50
7. ·     ISO/IEC 27001 and 27002 ISO standards for information security management systems
8. ·     www.Neupart. com and www.NoticeBored. com websites describe the information security management intranet system and awareness content service respectively
9. ·     "The True Value of Information Security Awareness" paper by Gary Hinson
10. ·     "Implementing User Security Awareness Training" paper by Kelly Allison
11. ·     "Security Awareness – Are Your Users 'clued in' or 'clueless'?" paper by Robert Held
12. ·     "Implementing a Security Awareness Training Program in Your Environment for Every Day Computer Users" paper by Kelly Nichol
    _____________________________________________________________________

Hi Dan.

I finally found time to put a link to the IT audit article on our website, along with a promotion for EDPACS.

http://www.noticebored.com/html/freebies.html

If there's space, I'll put something very similar in our next newsletter too.

Every little helps!

Kind regards,
Gary

Gary Hinson
Passionate about security awareness
www.NoticeBored.com Creative awareness materials

www.ISO27001security.com ISO/IEC 27000 standards
_____________________________________________

 

Welcome to U.S. Security Awareness!

This site is dedicated to increasing security awareness among the general population and the technology community. The Basic Security section is focused to the average person. The Advanced Security section will be of interest to technologists, senior management and legislators.

http://www.ussecurityawareness.org/

 

Security Awareness Program Development Guidance
This guidance material includes a white paper Key Considerations for Developing Effective Information and Training Programs that outlines how to successfully and effectively address an information security awareness and training program. Included is an accompanying information security awareness presentation titled The Role of Information Security in Everyday Business. This presentation provides content that can be leveraged for effective security awareness presentations to organizations' entire workforces, and also can be used to serve as an official launch of the information security awareness and training program in your organization. Also included is an End User Security Awareness presentation template and video, providing material to help articulate what is involved with building an information security awareness and training program to your management and peers within your company.

http://www.microsoft.com/technet/security/understanding/awareness.mspx

 

Security breach lists are an interesting read and can be useful for:
* Identifying trends in emerging security threats.
* Providing examples of why a control is necessary.
* Citing real world compromises in presentations, etc.
http://www.efortresses.com/refdocs/2006-Breaches-Matrix.pdf
http://www.privacyrights.org/ar/ChronDataBreaches.htm
http://www.cybercrime.gov/cccases.html

 

Security awareness for governance, risk, compliance and business
Information security is a vital element of corporate and IT governance and risk management. It minimizes risks to valuable information assets and maximizes compliance with laws, regulations and standards such as ISO 17799/ISO 27001, HIPAA, SOX, data protection/privacy, software copyright and intellectual property protection, banking industry regulations and many more. 

Secure organizations may confidently pursue new business opportunities that would be considered too risky by their insecure peers. Simply put, good security is good business. 

NoticeBored helps build a genuine security culture through security awareness

http://www.noticebored.com/index.html

 

CERT Launches Podcast Series
The CERT^® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.

 

The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs. Buy-in."

 

Podcasters can listen to entire conversations, download PDF transcripts, and

investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.

___________________________________________________________

---

Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

Messages in this topic (1) Reply (via web post) | Start a new topic

Messages | Files | Photos

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Forward
=======
Feel free to forward this email to your colleagues. They may use the
following link for subscription:
https://finance.groups.yahoo.com/group/FinProS/join

or send an email to:

finpros-subscribe@yahoogroups.com

Questions/Comments
==================
We welcome your questions or comments. Please send an email to finpros@yahoo.com.

Cancel subscription
===================
Send an email to finpros-unsubsribe@yahoogroups.com


Remember
========
- Please avoid all your personal emails on groups.

- Where jobs are being advertised, please send your cv at specified email/mailing address considering required qualification into account.

Notice
======
This email is provided for information purposes only. The information
contained does not represent a commitment / agreement on the part of FINPROS Owner/Moderators in the future.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch format to Traditional
Visit Your Group | Yahoo! Groups Terms of Use | Unsubscribe

•  58
  New Members
•  2
  New Files

Visit Your Group