6. First seen
1991
‘to raise community awareness to confidentiality
and possible legal requirements in treatment
of sensitive University information’.
7. First seen
2000’s
‘The central goal of any security awareness
program is to influence people to change
their behavior and attitudes’
‘A strong IT security program can not be put
in place without significant attention given to
training users on agency IT security'.
9. Several channel to raise awareness..
• Books
• Blogging
• Social media
• Discussion forums
• Academic and governmental initiatives
• Private initiatives (from organization to its employees)
• Inter-organizational community projects
• CERTs, CIRTs, WARPs
• Educational and informational coalitions
10. A few initiatives
• PCI Security Standard Council
• Best Practices for Implementing
a Security Awareness Program
20. We can reach our customers… and a bunch of other people
• Access to educational material built into a software package
• Informational apps for mobile devices
• ‘Tips’ web sites and blogs
• Discussion forums
• Consumer-oriented informational newsletters
• Podcasts, videos and so on
• Sponsored books
21. We are not the solution, we are just part of it.
23. … that awareness works, that users can learn how to protect themselves
from cyber threats.
… that we can raise awareness from an Information Security company…
… but we should be careful on how we do it.
… that the problem is not how good we are but who are we reaching with
our initiatives.
… that it is not possible to reach the masses without other society actors
like the government.
… that we ‘must start ethical computer education at a much earlier age.
We strongly believe…
24. … that it is too early to think that awareness does not work.
… that we are raising awareness in quite a good way.
… that we can do it better.
We strongly believe…
25. If you believe that, do not waste your time
discussing whether it works.