Security Education

Here are one or two resources some of you might find useful and interesting.

Infragard and the Center for Information Security Awareness have a Security Awareness in the Workplace program that looks worth a closer look. It consists of 14 separate lessons addressing key information security issues "that can impact in the workplace". The free lessons are presented as web-based Flash movies. People who complete the course can also register to be examined for a certificate. This isn’t free, but a nominal $24.95 doesn’t sound unreasonable. It ain’t CISSP or a GIAC qualification, but as a reward for working on security awareness, it might be a good investment.

 The US-CERT Current Activity page is a regularly updated summary of high impact security incident reports. To give you an idea of the sort of information you can find there, the current page includes:

  • May 29 VMware Releases Security Advisory
  • May 28 Microsoft Releases Security Advisory 971778
  • May 27 BlackBerry Security Advisory
  • May 26 Microsoft Releases Service Pack 2 for Windows Vista and Windows Server 2008
  • May 22 Novell Releases Updates for GroupWise
  • May 20 NSD DNS Buffer Overflow Vulnerability
  • May 20 Cisco Releases Security Advisory for CiscoWorks TFTP Vulnerability
  • May 20 Mac OS X Includes Known Vulnerable Version of Java
  • May 19 Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
  • May 18 Gumblar Malware Exploit Circulating

Of course, the page gives more information than this, and includes links.

Finally, the Anti-Phishing Working Group (check the web site: some pretty useful resources there). A project I’ve just caught on to is an education initiative called the AWPG/CMU Phishing Education Landing Page program. The intention is to catch potential victims who’ve clicked on a known phish link by redirecting them to an informational web site.

Find out more here. But don’t forget the Securing Our eCity initiative, either:

Director of Malware Intelligence


Author David Harley, ESET

Follow us

Copyright © 2017 ESET, All Rights Reserved.