Security Education, Awareness and Training: From Theory to Practice

For almost three decades now, security educators have worried and fussed over the vulnerabilities to organizational assets created by this wonderful, new-fangled electronic age. Computers are everywhere, it seems, having moved out of those air-conditioned, vaultlike rooms in the basement to perch on everyone's desks and even keep our organization's travelers company in their hotel rooms and cramped airplane seats. We've done a lot of work eliminating vulnerabilities and combating threats, but we haven't spent nearly enough time exploiting the opportunities particularly the opportunities a computerized environment presents for security education.
This chapter is going to provide a hodgepodge of ideas for you to think about as you decide how to exploit those opportunities. A few of them might be just the ticket for your security education program; others may be completely worthless. It all depends on how computers fit into the life of your organization. As we go through the list, we'll assume that the folks reading this book are a typical mix of security professionals. Some of you are probably genuine experts on computers; others barely know how to turn the gadgets on. Many of you are perfectly comfortable whizzing around the electronic world; others try to avoid those horridly complicated machines as much as they can. Some of you work in organizations where just about everyone uses computers constantly and zips around the Internet at will; others work in organizations where only a few people, in a few parts of the activity, use computers at...