Introduction to Symantec Corporate Security Awareness Program

Article:TECH101119  |  Created: 2005-01-08  |  Updated: 2005-01-18  |  Article URL http://www.symantec.com/docs/TECH101119
Article Type
Technical Solution


Environment

Issue



This document provides an introduction to the Symantec Corporate Security Awareness Program and its features.


Solution



Overview
  • The Symantec Corporate Security Awareness Program is a collection of tools that are designed to train corporate employees to be aware of and to practice good corporate security procedures.
  • The Corporate Security Awareness Program is organized into a series of Security Awareness Campaigns. These are designed to be released to your employees over the course of one year.
  • The campaign topics flow in a logical sequence to most effectively build security knowledge in the work force. The constant delivery of security messages over a 12-month period is designed to boost retention and to encourage appropriate employee behavior.
  • The Symantec Corporate Security Awareness Program uses an innovative communication method to engage the work force on multiple intellectual levels over a long period of time. This approach provides the best opportunity for improved security to become part of the organization's culture and provides long-lasting benefits for your company.


Elements of the Corporate Security Awareness Program
The Symantec Corporate Security Awareness Program provides a complete set of tools to implement a comprehensive, measurable, and sustained employee Security Awareness Campaign.

The following are the primary elements of the Corporate Security Awareness Program:
  • Technology-based training (TBT)
    The technology-based training (TBT) is the foundation of the Corporate Security Awareness Program. It consists of 11 modules that you make available to the work force on a suggested interval of four weeks. This ensures that your employees can participate in the TBT without disrupting their regular work responsibilities. The TBT is designed to provide employees with the information that they need to know to better protect your company's information assets. This element both helps employees to see how they can contribute to overall corporate security and it also explains why they should contribute. Through this approach, your company's employees see where they fit in to supporting the overall security strategy.
  • Pamphlets
    Pamphlets are provided on the Print Files CD for distribution to your work force as a reminder of the messages that the TBT conveys. Your company's work force can retain the pamphlet in a handy location for future reference.
  • Information Cards
    These information cards, which are provided on the Print Files CD, have bulleted reminders statements on them to help the work force remember the key messages in the campaign. These cards can be hung on walls or used with the recommended windowed mouse pad. See Chapter 5 of the Symantec Corporate Security Awareness Program Implementation Guide for further information on recommended materials.
  • Posters
    Posters are provided on the Print Files CD to use with the specific awareness campaigns to gain attention and re-emphasize the campaign's messages. Place these colorful and eye-catching posters at strategic points within the company.
  • Tools CD
    The Tools CD contains an electronic version of the Symantec Corporate Security Awareness Program Implementation Guide and other tools to help you to implement this program, such as a sample announcement letter.
  • Job aids
    The last element in the program is the use of recommended job aids. These are promotional items that were chosen and recommended to reinforce the campaign messages. These include pens, notepads and buttons with security reminders printed on them. Job aids are another way to remind the employees of their responsibilities in protecting the company's information assets. For more information on how to use the recommended items, read Chapter 5 of the Symantec Corporate Security Awareness Program Implementation Guide.
Corporate Security Awareness Program campaigns
The Corporate Security Awareness Program provides twelve campaigns to address important security topics. The campaigns are designed to be delivered over the course of one year. Each campaign addresses a different area of corporate security, and the topics follow a logical sequence to build security awareness among your employees.
  • Announcement Campaign
    The Announcement Campaign for the Corporate Security Awareness Program introduces the new programs to the enterprise work force. It is designed to generate interest and build anticipation for the campaigns that will follow.
  • Protecting Company Information
    This campaign communicates the need to protect business information and the precautions that the work force should take to properly protect vital corporate information. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as recommended job aids. The recommended job aid for this campaign is a "windowed" mouse pad. Employees can place information cards from each of the following campaigns in the window. Different cards will be distributed for subsequent security topics throughout the year-long awareness campaign, each featuring a printed message that reinforces a key security concept for that topic.
  • Social Engineering
    This campaign makes the work force aware of various social engineering ploys, how they are implemented, why they are implemented, and ways to avoid them. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard job aid for this campaign is an information card that can be used with the recommended job aid from campaign 2 (the mouse pad), with a message that reinforces a key point of the Social Engineering Awareness Campaign. In addition to the information card, the campaign recommends a retractable badge holder for the work force to use to help discourage some of the social engineering ploys described in the campaign.
  • Mobile/Remote Worker Security
    This campaign discusses the risks associated with working remotely (out of the traditional office environment) and the precautions to protect the company's information while working in this environment. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the awareness campaign. In addition to the information card, the campaign recommends a luggage tag with a security reminder imprinted on it.
  • Virus Protection
    This campaign educates the work force on computer viruses, Trojan horses and worms, and recommended best practices to reduce the risk of infection. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Virus Protection Awareness Campaign. In addition to the information card, Symantec provides electronic copies of posters that you can print and hang at strategic locations within the company's facilities.
  • Password Protection
    The Password Protection campaign informs the work force why passwords are so important, how to create "strong" passwords, and best practices for password use. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Password Protection Awareness Campaign. In addition to the information card, the campaign recommends note pads that have "Don't write your Password Here" imprinted on them to remind the work force of good password practices.
  • Web Browser Security
    This campaign informs the work force of the risks associated with using a Web browser to surf the Internet and provides precautions to be taken to reduce the risks. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard or additional job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Web Browser Security Awareness Campaign. In addition to the information card, the campaign recommends buttons for the work force to wear or collect that have "I practice safe surfing" imprinted on them.
  • Email Security
    This campaign informs the work force of proper email etiquette and reminds them of the risks of virus infection from email attachments. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard or additional job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Email Security Awareness Campaign. In addition to the information card, the campaign recommends lollipops with the message "Don't open attachments from strangers. Beware of email bearing gifts. When in doubt, scan it." Lastly, Symantec provides electronic copies of posters for you to print and hang at strategic locations within the company's facilities.
  • Instant Messaging Security
    The Instant Messaging Security campaign explains some of the risks associated with instant messaging (IM) communications tools and provides precautions that should be applied to ensure that IM does not jeopardize confidential information.The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard or additional job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Instant Messaging Security Awareness Campaign.
  • Telephone Security
    This campaign communicates the importance of telephone security, the severity of telephone fraud, and security best practices to reduce the risks associated with telephone fraud. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard or additional job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the Telephone Security campaign.
  • Laptop/PDA (Personal Digital Assistant) Security
    This campaign makes the work force aware of the risks associated with the use of laptops and PDAs, and provides ways to reduce those risks. The foundation of this campaign is a technology-based training module and a pamphlet to be used for future reference, as well as job aids. The standard or additional job aid for this campaign is an information card for the recommended job aid, the mouse pad, with a message that reinforces a key point of the campaign. In addition to the information card, Symantec provides electronic copies of posters that you can print and hang at strategic locations within the company's facilities.
  • Year End Event
    It is important for the enterprise to retain the work force's interest in security for the long term and to measure the message retention. Therefore, a "Year End Event" is delivered at the end of the Security Awareness Campaign to reinvigorate and sustain excitement for security awareness. Many companies choose International Computer Security Day, which is held on the last Friday in November. Other companies select their own date and may observe this event for a week or a month.This campaign consists of a contest that incorporates key messages from the previous 10 campaigns. The work force is able to participate in an online quiz that tests and rates their security awareness knowledge based on their passing quiz score, thus providing you the measurement of the message retention. Upon completing the quiz, participants can enter their names into a raffle to win a prize, such as a pen set.







Legacy ID



2005030808473248


Article URL http://www.symantec.com/docs/TECH101119


Terms of use for this information are found in Legal Notices