Sign up to our newsletter
The latest security news direct to your inbox
Here are one or two resources some of you might find useful and interesting.
Infragard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that looks worth a closer look. It consists of 14 separate lessons addressing key information security issues "that can impact in the workplace". The free lessons are presented as web-based Flash movies. People who complete the course can also register to be examined for a certificate. This isn’t free, but a nominal $24.95 doesn’t sound unreasonable. It ain’t CISSP or a GIAC qualification, but as a reward for working on security awareness, it might be a good investment.
The US-CERT Current Activity page is a regularly updated summary of high impact security incident reports. To give you an idea of the sort of information you can find there, the current page includes:
Of course, the page gives more information than this, and includes links.
Finally, the Anti-Phishing Working Group (check the web site: some pretty useful resources there). A project I’ve just caught on to is an education initiative called the AWPG/CMU Phishing Education Landing Page program. The intention is to catch potential victims who’ve clicked on a known phish link by redirecting them to an informational web site.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET