Opinions are those of the author and do not necessarily reflect a position of CTSC or any funding

agency.

My Thoughts - Disclaimer

Parent InstitutionExternal InstitutionsFunding AgenciesSenior ManagementPIs and managersCybersecurity TeamInfrastructure AdminsCode developersWeb designersDesktop Admins

Stakeholders

Helpdesk StaffPublic Relations DeptLegal DeptHuman Resources DepttIT StaffInternal - end-user (by function)External - end-user (by function)Contractors/sub-contractorsAnonymous

● Security Awareness● You Are The Target● Social Engineering● Email and Instant

Messaging● Using Your Browser

Safely● Passwords

● Encryption/Data Protection

● Mobile Devices● Protect Your Computer● Wi-Fi Security● Social Networking● Reporting a Security

Incident

Typical Topic Areas

● Too many topics● Too much information● Infrequent delivery● Not relevant to daily tasks● Poor practices● No management backing● No consequence for poor security

Why Do We Fail?

● Select only a few topics at a time● Concentrate on indicators of danger● Continuous w/ periodic check-ups● Tailor message to the audience● Practice what you tell others to do● Ensure management understands● Obtain support for consequences

How Do We Succeed?

Shameless plug ….

Remember ...

CTSC Provides Training for CI Professionals

Contact: Jim Marsteller for more information

jam@psc.edu

The slide deck covers the “typical topics”

https://docs.google.com/presentation/d/1bS19nStvQOODmH-PqW8Lro0n49H3L__o2EhfHrY08Go

CTSC has Slides for End-User Training

●●●

●●

●

CTSC Guide Template - Acceptable Use Policy

●

●●

●

CTSC Guide Template - Incident Response Policy

●●● …●

A Note About Privacy Policies ...

We thank the National Science Foundation (grant 1234408) for supporting our work.

The views and conclusions contained herein are those of the author and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.

Thank You!