Here are one or two resources some of you might find useful and interesting.
InfraGard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that seems worth a closer look. It consists of 14 separate lessons addressing key information security issues "that can impact in the workplace". The free lessons are presented as web-based Flash movies. People who complete the course can also register to be examined for a certificate. This isn’t free, but a nominal $24.95 doesn’t sound unreasonable. It ain’t CISSP or a GIAC qualification, but as a reward for working on security awareness, it might be a good investment.
The US-CERT Current Activity page is a regularly updated summary of high-impact security incident reports. To give you an idea of the sort of information you can find there, the current page includes:
Of course, the page gives more information than this, and includes links.
Finally, the Anti-Phishing Working Group (check the web site: some pretty useful resources there). A project I’ve just caught on to is an education initiative called the APWG/CMU Phishing Education Landing Page program. The intention is to catch potential victims who’ve clicked on a known phish link by redirecting them to an informational web site.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence