Episode VI: How to create a security awareness and education program

Sir Jack had a light bulb beaming in his head. It was burning brighter than the new morning light shining over the horns of the gargoyle outside his eastern window. He quickly sought out his quill and his quire.

Well educated and with a mind that was nimble and quick, Jack was also street smart. He had taken his lumps (fallen down, broke his crown), been burned (pesky candlestick) and climbed to enormous heights (beanstalk). That special combination would serve Sir Jack well in creating an unrivaled and unprecedented security awareness and education program that he could, eventually, even license to other kingdoms.

Jack knew that his program would need to be comprehensive, ongoing and tailored to each audience. There were the high royals who cared little about logs and firewalls and cared only about the bottom line and fine wine.

Dukes, maidens, barons and earls, held accountable for the activity of their burgesses, peasants, serfs and contract personnel, had a vested interest in facilitating responsible behavior.

Noble system administrators and desktop support folks were a different audience altogether. Their training would be focused more on daily tasks, handling incidents and being able to recognize compromising configurations, activity and/or sticky notes. And, of course, special arrangements would be set to provide personal training for Princess Bloomie, who'd had serious problems with security in the past.

This was not going to be Security 101 or 400, for that matter. To Jack, catch phrases were passé. Flyers should take a flier. CBT was as good as DOA. No, Jack was convinced that people's attentions would be best captured and their habits best formed by telling a story. A story that mimicked their world so they could relate, humor their souls so they would recall and command their respect so they would follow.

The tedium of how and why would be replaced with reason and common sense. The program would impart the consequences of noncompliance and neglect, in equal proportion to the benefits of adherence and attention to detail. Additionally, a "security-conscientious subject of the month" parking space would be provisioned and awarded.

For the next 40 days and 40 nights the fine, forward-thinking fellow fabricated a fanciful and fervent framework for familiarizing all the folk of the fatherland. When he emerged with his works and returned to the castle NOC, he was not a minute too soon for Sir Pokeahole.

Sir Pokeahole, who discovered and remediated vulnerabilities and threats daily, was convinced that user awareness would make his life easier. "Sir Jack! Your presence is most welcome. We are besieged by the curse of the evil '11 Uns of Oblivion' and need your program ASAP!!"

The "11 Uns" were furtively thought to be a spell cast upon the kingdom by a scorned former royal intern. They were as follows: unacquainted, unconcerned, unconscious, unenlightened, unfamiliar, uninformed, uninstructed, unknowing, unmindful, unsuspecting and unwitting. "Don't you worry," said Jack. "The 'Uns' are toast!"

Sir Pokeahole was glad to have that hole plugged so he could turn his sights on the ever-increasing holes of a more tangible nature. He would call in Dame Domaine to help formulate a plan to seek out and plug every weakness and every hole.

About the author
Bill Kirkendale, CISSP, has been an IT professional for 14 years and is a former United States Marine. He is a senior consultant at BearingPoint.

Last episode: To be enumerated or fumigated: That is the question
Next episode: The "hole plugging" problem is...that there's not enough King's horses, not enough King's men to make Impervious impervious again!

This was first published in May 2004
