Episode VI: How to create a security awareness and education program

Here you'll find the latest installment of Bill Kirkendale's Fractured Security Tales.

Sir Jack had a light bulb beaming in his head. It was burning brighter than the new morning light shining over the horns of the gargoyle outside his eastern window. He quickly sought out his quill and his quire.

Well educated and with a mind that was nimble and quick, Jack was also street smart. He had taken his lumps (fallen down, broke his crown), been burned (pesky candlestick) and climbed to enormous heights (beanstalk). That special combination would serve Sir Jack well in creating an unrivaled and unprecedented security awareness and education program that he could, eventually, even license to other kingdoms.

Jack knew that his program would need to be comprehensive, ongoing and tailored to each audience. There were the high royals who cared little about logs and firewalls and cared only about the bottom line and fine wine.

Dukes, maidens, barons and earls, held accountable for the activity of their burgesses, peasants, serfs and contract personnel, had a vested interest in facilitating responsible behavior.

Noble system administrators and desktop support folks were a different audience altogether. Their training would be focused more on daily tasks, handling incidents and being able to recognize compromising configurations, activity and/or sticky notes. And, of course, special arrangements would be set to provide personal training for Princess Bloomie, who'd had serious problems with security in the past.

This was not going to be Security 101 or 400, for that matter. To Jack, catch phrases were passe. Flyers should take a flier. CBT was as good as DOA. No, Jack was convinced that people's attentions would be best captured and their habits best formed by telling a story. A story that mimicked their world so they could relate, humor their souls so they would recall and command their respect so they would follow.

The tedium of how and why would be replaced with reason and common sense. The program would impart the consequences of noncompliance and neglect, in equal proportion to the benefits of adherence and attention to detail. Additionally, a "security-conscientious subject of the month" parking space would be provisioned and awarded.

For the next 40 days and 40 nights the fine, forward-thinking fellow fabricated a fanciful and fervent framework for familiarizing all the folk of the fatherland. When he emerged with his works and returned to the castle NOC, he was not a minute too soon for Sir Pokeahole.

Sir Pokeahole, who discovered and remediated vulnerabilities and threats daily, was convinced that user awareness would make his life easier. "Sir Jack! Your presence is most welcome. We are besieged by the curse of the evil "11 Uns of Oblivion" and need your program ASAP!!"

The "11 Uns" were furtively thought to be a spell cast upon the kingdom by a scorned former royal intern. They were as follows: unacquainted, unconcerned, unconscious, unenlightened, unfamiliar, uninformed, uninstructed, unknowing, unmindful, unsuspecting and unwitting. "Don't you worry" said Jack. "The 'Uns' are toast!"

Sir Pokeahole was glad to have that hole plugged so he could turn his sights on the ever-increasing holes of a more tangible nature. He would call in Dame Domaine to help formulate a plan to seek out and plug every weakness and every hole.

About the author
Bill Kirkendale, CISSP, has been an IT professional for 14 years and is a former United States Marine. He is a senior consultant at BearingPoint.

Last episode: To be enumerated or fumigated: That is the question
Next episode: The "hole plugging" problem is...that there's not enough King's horses, not enough King's men to make Impervious impervious again!

This was first published in May 2004

Dig deeper on Security Awareness Training and Internal Threats-Information

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close