...
Not reaching out to end users at the moment, but raising awareness between people from government , (those responsible for funding of the universities). During the 2 day meetings - , DFN always add security related subjects on the agenda (presentation)First reaction - . The first reaction of the participants is mainly positive, but later they claim that security is hard to get commitment Audience commitment.
The audience there is not tech
...
savvy. Maybe a demo or an exercise would help to convince them to take action.
How to speak to someone - presenting It is imporant to think about the target audience - How to present the information they need in a way they understand that they understand.
Rolf Sture (UNINETT): It would be useful to work together on generating ideas on how to communicate to the management. Perhaps the CEO Forum could contribute to this conversation and share their ideas on how to sell security to senior management?
ACTION: Sigita to investigate a possibility to schedule a VC or interview with Chris Hancock & some EU CEO.
SURFnet:
Internal Has an extensive internal security awareness campaign campaign. Theme based: confidential information, being safe on public wifi, what to do when travelling Material - travelling, etc. Materials are mainly from 'Cybersafe yourself' campaign , + testimonials of people from the organisation, videos Posters + , videos, posters, information on the intranet intranet.
To raise even more awareness, this season the campaign will Will have swag useful for the holiday season + leaflet with information information.How effective
It is
...
hard to measure how effective it is.
There are How many people are working on it - 2-3 working on preparation in the security awareness team (incl. communications person) Rolf: Communication ideas - how to talk to the management. CEO Forum - how should we communicate so that you would understand our topics, how to sell security to senior management? - maybe have a VC or interview with Chris Hancock & EU CEO- not full time though.
CERN:
Security awareness efforts ongoing since 2010: https://security.web.cern.ch/security/training/en/index.shtmlOngoing since 2010
Phishing campaigns are organised every year, around 20% people fall for it
...
. However, shortly after a campaign more people
...
report suspicious emails.
NORDUNET:
Phishing campaigns are organised every month , - the same number of people fall for it, but different persons persons.
DeiC:
Offering it Phishing campaigns as a service to the members
University of Munich - course for students on how to set up a security awareness campaign
Inventory of all initiatives + lessons learned
...
members .
David Schmitz (LRZ):
The University of Armed Forces in Munich has a course module, which includes also conduction of security awareness campaigns:
https://www.unibw.de/inf/studium/downloads/mcyb-modulhandbuch-2018.pdf/download
(Page 34 or search for "awareness", unfortunately only available in German):
"... Sie kennen die Phasen und Methoden von Security-Awareness-Kampagnen und koennen diese unter Priorisierung identifizierter Risiken fuer Organisationen konzipieren und durchfuehren. ..."
which may be translated as
"... You know the phases and methods of security awareness campaigins and can design and conduct these based on prioritization of risks for the organization. ..."
At the end of the meeting it was agreed that it would be useful to put together this and other information about the security awareness initiatives on the wiki (materials + lessons learned + contact) to create an Inventory.