Author :
Endicott-Popovsky, Barbara ; Orton, Ivan ; Bailey, Kirk ; Frincke, Deb
Abstract :
NIST Special Publication 800-50 outlines standards for the development and implementation of security awareness training (Wilson, M. and Hash, J., 2003). Recognizing that the "people factor" is the weakest link, NIST recommends that all users of any information system be made aware of their roles and responsibilities in maintaining security (Wilson, M. and Hash, J., 2003). Further, to be effective, any awareness event should be designed for the intended audience, built around a message and desired outcomes, and gain attention (Wilson, M. and Hash, J., 2003). Such a security awareness event was conducted for the business community leadership in Seattle, Washington. The purpose was to alert them to the risks of identity theft through misuse of online search engines. The means adopted for focusing attention was a Google-hacking contest. Based on observations of this trial, the authors suggest that a security awareness program based on NIST standards can be effective not only for organizations but also for specifically defined communities. This paper describes the event, the outcomes and the authors' conclusions. The approach presented in this paper could be repeated in any community for a variety of purposes.
Keywords :
Internet; computer science education; information systems; search engines; security of data; standards; training; Google hacking contest; NIST standards; business community leadership; community security awareness training; information system; online search engines; security maintenance; Cities and towns; Credit cards; Data security; IP networks; Information security; Kirk field collapse effect; Management training; National security; Search engines; Standards development;