Welcome to the SecAware blog

I spy with my beady eye ...

31 Mar 2016

Network security awareness

Suppose you decide, or are required, to raise awareness among your employees of the security aspects of networking. What do you want to cover? What are the main things you want to get across? 

Think about that for a moment.

Something that naturally springs to mind is IT network security, Internet security in particular. I guess you were mostly thinking about hackers, malware, firewalls, VPNs, that sort of thing, and fair enough those are certainly significant issues ... but wait, just as there’s more to information security than IT or cyber-security, there's more to network security than IT networks! 

April’s NoticeBored awareness module takes on a wider brief, including classical IT network security (TCP/IP, the Internet, portable/mobile IT devices, VOIP, VPNs and all that jazz), current IT network security challenges (particularly cloud and IoT, plus home-office/private networking), and information security aspects of other forms of networking (social networks, business networks, collaborative working and so on). 

Having said that, it is neither realistic nor necessary for the awareness program to attempt to cover the entire scope of network security in depth this month. Several of those topics are covered individually through separate awareness modules anyway, so April’s module glosses over certain areas to delve deeper into others, all the while hinting at the full breadth of this topic and finding (we hope) unusual angles to spark employees’ imaginations.

For instance, one of the senior management briefings says (in part):

"Network security is both a technology and a business issue. More than mere information conduits, networks bind ICT (information and communications technology) systems, people, teams, departments, business units, organizations and communities together. They transport telephone conversations, emails, orders and commands around the world at the speed of light … along with viruses, hacks and online frauds. Networks have to a large extent supplanted books for the transmission of knowledge, for entertainment and social contact. They are part of our lives."

Speaking as a former academic, long-time bookworm and library-lover, I have personally experienced the shift towards online/electronic information sources over the past 15 years or so. I vividly recall snipping/ripping articles out of industry magazines, survey reports, marketing blurb and so on at the turn of the new millennium, systematically filing them away on a wall-mounted filing system for later reference according to the information security topics. I think I still have the now-empty filing racks, their dog-eared contents having long since been recycled. During the interim/transition period, I found myself systematically filing electronic articles, clips and scans in basically the same way, on disk in directories ... but I don't even do that much today. Instead I Google stuff, usually selecting "Posted within the past month" under the advanced search options. I still read the occasional book, but more for entertainment and contemplation than for information transfer.

Printed materials are so 20th Century. 

The network is it.  

And Google rocks.

Gary (Gary@isect.com)

PS  Am I the only one who gets intensely frustrated at those tedious PDF flip-the-page online magazines and journals?  Zooming in and out and tugging the page around on the screen just to see the bits I want to read is nuts, and goes against the grain. I guess traditional print publishers are (on the whole) still locked into the typesetting mindset, laying out the page as they want it to be, rather than what suits the reader - or rather the readers, because we're all different, as well as our screen sizes and visual acuity. Fixed typesetting is a broken and outdated paradigm, as far as I'm concerned. 

Mind you, thinking that through, I wonder whether our security awareness documents should still be designed and laid out in Word for the printed page rather than the screen? And should our seminar slide decks be sequential one-screen-at-a-time 'slides' after all, even with animated transitions and illustrations?  Hmmm, food for thought.

1 comment:

  1. Excellent blog and very important point raised. While discussing security we tend to restrict ourselves to one aspect or another and most importantly forget to see the larger picture. As I've also been associated with the server security aspects, let me share some important points here. The point I'm going to raise is regarding the data centers and mainly restricting themselves to the firewalls and anti-malware software. One thing most data centers don't give maximum focus to is the need for adequate surveillance (mainly the need for CCTVs), physical security, and limited access. Most data centers don't even maintain the six zone security formula and therefore prise open the chances of data theft. Thanks for opening a new vista of thinking regarding the network security. Kudos.