DOI: 10.1145/1940941.1940970
research-article

Training general users on the non-policy side of the IS program

Published: 01 October 2010

Abstract

Once an information security program is put in place in an organization, the program needs to be managed and formal training needs to take place in order to get everyone to comply with the policies resulting from the program. Most of the training and education is conducted on these policies, but there is also a need to train users on some general good security practices, password management practices, access control management, and violation reporting that may not be part of the policies laid out by the information security program. This paper will focus on this aspect of the information security program training.

Published In

ACM Other conferences
InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN:9781450302029
DOI:10.1145/1940941
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education
  • ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. security practices
  2. security training
  3. training
  4. training management

Qualifiers

  • Research-article

Conference

InfoSecCD '10
Sponsor:
  • KSU - CISE
  • ISSA

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Article Metrics

  • Downloads (Last 12 months)5
  • Downloads (Last 6 weeks)0
Reflects downloads up to 12 Feb 2025
