NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY 08/17/04 Today's focus: Security-awareness programs can be imaginative and fun
By M. E. Kabay

Keeping employees committed to information security is tough. The fundamental problem is that the better our security, the less evidence we have to reinforce it. As weeks and months go by with no security incidents, employees unconsciously reduce compliance with security rules. This natural process is called extinguishment and is well known to behavioral psychologists.

To overcome extinguishment, we need reinforcement, and that's where security awareness programs can use imagination and fun.

In an information security class in 1993, a student told me about an interesting experiment she had carried out at a large company. Employees were not following company policy about logging off the mainframe systems, and the open sessions were interfering with operations by holding databases open and preventing proper backups. In some cases, operators were able to terminate the sessions remotely, but in others they couldn't. Haranguing people didn't work. You could force employees to contact technical services for a new password, require them to discuss their errors with their managers, and otherwise try to punish them, but the compliance rate hovered consistently around 40%.

My student did an experiment. She went around at night and found all the terminals in a specific department that were logged off properly. On the keyboards, she left a little chocolate wrapped in silver foil. There was no explanation for the chocolate. At the end of the month, she found that compliance with the logoff policy had climbed to around 80% in that department but remained at 40% elsewhere.

Praise and reward can be more powerful than punishment in changing behavior. Talk to any dog trainer for confirmation.

My friend and colleague K Rudolph (and yes, she uses the letter K without a period as her first name) of Native Intelligence is a specialist in making security awareness fun. She has a huge collection of security-awareness materials that are directly in line with the observation that making compliance pleasant is a better approach than focusing on criticism and punishment.

You can start with a series of free and very cute, colorful coupons from <http://nativeintelligence.com/freebies/caught-coupons.aspx>. These all have a nautical theme: the word "CAUGHT!" appears with a charming creature such as a crab, an octopus, a dolphin and so on, followed by something good; e.g.,

* Refusing to allow someone to tailgate on your access badge.
* Asking for help with security.
* Challenging an unknown person in your area.
* Verifying that someone requesting information has a need to know.
* Using a locking screensaver.
* Properly disposing of sensitive media.
* Refusing to share your password.

You can print these yourself from the PDF files or just buy them on thick card stock.

Native Intelligence also has an enormous collection (88 at last count) of security-awareness posters at <http://nativeintelligence.com/posters/security-posters.asp>. For example, one of my favorites is, "Passwords are like bubblegum: strongest when fresh; should be used by an individual, not a group; if left laying around, will create a sticky mess." Many of the posters have charming cartoon animals such as dinosaurs, snails, raccoons and rabbits. One poster reads: "You OTTER backup your files!" and has a furry little critter on his back contemplating a floppy disk.

There is also a series of 14 posters designed to improve HIPAA compliance (<http://nativeintelligence.com/posters/hipaa-posters.asp>).

Native Intelligence also offers several Web-based awareness courses: Security Awareness, Classified Data Basics and Personnel Safety. Details are on the Web site at <http://nativeintelligence.com/courses/index.aspx>

* * *

Note: I have no financial involvement whatever with Native Intelligence's courses and posters.
However, K and her team are currently working with me on an improved and fully illustrated version of my Cybersafety booklet; the old version is still available free at <http://www2.norwich.edu/mkabay/cyberwatch/cybersafety.pdf>

_______________________________________________________________

To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the Division of Business and Management at Norwich University in Northfield, Vt. Mich can be reached by e-mail <mailto:[EMAIL PROTECTED]> and his Web site <http://www2.norwich.edu/mkabay/index.htm>.

Copyright Network World, Inc., 2004
