Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Feb 4, 2017

28 days of awareness: day 3

We made slow progress again today.

One of our regular monthly deliverables is a puzzle of some kind. We used to generate crosswords. About a year back we changed to word-search grids instead. The goal is the same either way: to give people a fun challenge and, hopefully, teach them a few new information security related words or terms in the process. We maintain a library of infosec word lists, so it's easy to dig out the malware word list from the last time the malware module was updated ... but things have moved on since then, which means we need to revise the file ... which involves searching for new terms. 

Another of our other regular deliverables is an infosec glossary, a surprisingly useful document that is actively maintained. Every month we work systematically through it, adding or updating the terms and definitions and highlighting whichever entries are relevant to the particular awareness topic. Here's an extract:

All those underlined words are hyperlinks to the corresponding definitions, enabling the reader to explore the subject in the same way as browsing a thesaurus. I just checked: the glossary currently has 278 pages with 1,800 definitions, an average of about 10 hyperlinks each making something like 18,000 hyperlinks in total! It takes hours to check and update the glossary each month but it's worth it as part of the creative process. It stimulates us to consider the topic from different angles and trawl the Web for anything new in the field. It's also a prompt to update the word lists.

Talking of new stuff on the Web, Deborah sent me a link to yet another sorry tale about an organization hit by ransomware - this one a local council that lost a stack of official documentation. The managed to save the data on some of their systems, though, so it's not quite as depressing as most ransomware incidents. That URL is now bookmarked along with others we've been collecting, ready to pick out quotable content for awareness purposes.

We're still thinking about poster ideas and themes for the module. Ransomware and phishing are candidates, for sure, but it would be good to think of something more original, more topical, hotter.


← Day before               Day after