Barbara E. Endicott-Popovsky, Ivan Orton, Kirk Bailey, Deb Frincke
{"title":"Community security awareness training","authors":"Barbara E. Endicott-Popovsky, Ivan Orton, Kirk Bailey, Deb Frincke","doi":"10.1109/IAW.2005.1495976","DOIUrl":null,"url":null,"abstract":"NIST special publication 800-50 outlines standards for the development and implementation of security awareness training by Wilson, M. and Hash, J. (2003). Recognizing that the \"peoplefactor\" is the weakest link, NIST recommends that all users of any information system be made aware of their roles and responsibilities in maintaining security by Wilson, M. and Hash, J. (2003). Further, to be effective, any awareness event should be designed for the intended audience, built around a message and desired outcomes and gain attention by Wilson, M. and Hash, J. (2003). Such a security awareness event was conducted for the business community leadership in Seattle, Washington. The purpose was to alert them to the risks of identity theft through misuse of online search engines. The means adopted for focusing attention, was a Google-hacking contest. Based on observations of this trial, the authors suggest that a security awareness program, based on NIST standards, can be effective, not only for organizations, but for specifically defined communities, as well. This paper describes the event, the outcomes and the authors' conclusions. The approach presented in this paper could be repeatable in any community for a variety of purposes.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495976","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
NIST special publication 800-50 outlines standards for the development and implementation of security awareness training by Wilson, M. and Hash, J. (2003). Recognizing that the "peoplefactor" is the weakest link, NIST recommends that all users of any information system be made aware of their roles and responsibilities in maintaining security by Wilson, M. and Hash, J. (2003). Further, to be effective, any awareness event should be designed for the intended audience, built around a message and desired outcomes and gain attention by Wilson, M. and Hash, J. (2003). Such a security awareness event was conducted for the business community leadership in Seattle, Washington. The purpose was to alert them to the risks of identity theft through misuse of online search engines. The means adopted for focusing attention, was a Google-hacking contest. Based on observations of this trial, the authors suggest that a security awareness program, based on NIST standards, can be effective, not only for organizations, but for specifically defined communities, as well. This paper describes the event, the outcomes and the authors' conclusions. The approach presented in this paper could be repeatable in any community for a variety of purposes.
NIST特别出版物800-50概述了Wilson, M.和Hash, J.(2003)开发和实施安全意识培训的标准。认识到“人员因素”是最薄弱的环节,NIST建议任何信息系统的所有用户都要意识到他们在维护安全方面的角色和责任(Wilson, M. and Hash, J. 2003)。此外,为了有效,任何意识事件都应该为目标受众设计,围绕信息和期望的结果建立,并获得Wilson, M.和Hash, J.(2003)的关注。这样的安全意识活动是在华盛顿州西雅图为企业界领导进行的。其目的是提醒他们注意滥用在线搜索引擎导致身份被盗的风险。为了吸引人们的注意力,他们举办了一场谷歌黑客大赛。基于对该试验的观察,作者建议基于NIST标准的安全意识计划不仅对组织有效,而且对特定定义的社区也有效。本文描述了事件、结果和作者的结论。本文中提出的方法可以在任何社区中重复用于各种目的。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
