Tuesday, May 31, 2011

Getting the IT security word out there to the rest of the world

Src: http://goo.gl/X2OQG

Published: 2011-05-31
Last Updated: 2011-05-31 14:15:31 UTC
by Chris Mohan (Version: 1)



Here in Australia we're in the middle of National Cyber Security Awareness Week [1], which is an Australian Government initiative to help spread the word about the security issues faced every day by those using technology. It’s a shame I’ve only just found out about this now, as I would have been letting as many people as possible know this was on and herding them to sit in on or be part of the events. The IT security community needs to get everyone, including itself, to good quality, relevant talks, presentations and debates on what’s happening in and around IT security.
I'm a firm believer that the more informed people are about the problems and risks facing us when using technology, the better off we’ll all be. Of course, the information has to be presented in a clear, concise and non-jargon-polluted manner to be digestible to the non-technical folk, making it relevant and actionable. Having someone other than you communicate what IT security is all about and why it’s important can help push others into believing you're not some crazy person making this stuff up, because, to most, some of the cyber attacks that take place today can seem to be the stuff of sci-fi movie plots.
If you don’t believe user awareness is a key defence measure, then you might be one of those charming sales folk attempting to sell me the next Big Thing to protect my company from EVERYTHING bad*. If you haven't already read Kevin Liston's recent Diary entry, Managing CVE-0 [2], take a moment and go read it. Attackers will continue to innovate on getting us humans to unknowingly bypass the technological safeguard measures the defenders have put in place, as this blog piece from Sophos lab shows [3].
Find good quality events to send your management, co-workers, friends and family to, so they can learn from someone else why it’s important to understand at least the basics of IT security principles. From vendor events to talks at retirement homes or schools, match up the ability level of the talk to the attendee. Spare a thought for having like-minded people in the audience alongside those attending, in order to put them in their comfort zone, so don’t send your Grandmother off to a meeting filled with CEOs. If you can’t find an event to send them to, offer them easy-to-understand tips on keeping safe. SANS’ tip of the day site [4] is a marvellous place to harvest tips from.
Nothing written here is earth shattering or ground breaking, but I feel a bit miffed when I miss an opportunity to get others to see for themselves why IT security has to be understood and practiced by everyone, especially if it's a free event. If events like National Cyber Security Awareness Week are coming up in your area, use whatever medium, from social media to bits of coloured paper stuck on the wall, to let everyone, including your fellow IT security professionals, know it's happening ahead of time. I know I won’t be the only grateful one if you do.
*Well, apart from all the stuff it doesn’t protect you from. You do get a soft toy, badge and pen that breaks after 20 uses included in the price. Support and maintenance is extra. Yes, we told you up front. Well, it was in the fine print. On the back of the page we didn’t send you the first eight times you asked. Perhaps cyber mutant chickens ate the fax with those details then. Oh and our product doesn’t protect against those cyber mutant chickens either. That’s just silly. Our Executive deluxe add-on widget does that. It's an additional cost. When do you want to sign the contract?
Chris Mohan --- Internet Storm Center Handler on Duty - http://goo.gl/X2OQG