Last reviewed: October 2016
October is National Cyber Security Awareness Month! Some quick links to get you started...
- First, take a few minutes to complete this 8-question NCSAM Planning Guide worksheet (PDF or Word) to help you think about what resources and materials may be required.
- Visit our toolkits to find sample materials and free, adaptable resources: NCSAM Sample Kit, Cybersecurity Awareness Resource Library, Security Awareness Quick Start Guide, and Security Awareness Detailed Instruction Manual.
- Find a guest speaker using our Speakers Bureau.
- Download free materials at StaySafeOnline.org or Stop.Think.Connect.
- Keep reading to learn more about security awareness, why security awareness is important, critical success factors for awareness activities, National Cyber Security Awareness Month, how we plan for NCSAM, and additional resources (including links to state, regional, and international efforts).
- Make plans for a year-round security awareness and education campaign by using our annual Campus Security Awareness Campaign framework, whether you promote topics monthly or quarterly.
Wait! Are you a #CyberAware Champion Yet?
Become a Champion of National Cyber Security Awareness Month (NCSAM). It's free and easy to sign up!
2016 Campus Events & NCSAM Champions
Almost 130 institutions have signed up as NCSAM 2016 Champions so far – and there's still time to register! Also, please share your plans for 2016 activities and events with us.
- Adelphi University
- American Public University System
- American University
- A.T. Still University
- Auburn University
- Austin Peay State University
- Ball State University
- Baylor University
- Bellevue University
- Berry College
- Binghamton University
- Boise State University
- Boston College
- Brock University
- Brown University
- Bryn Mawr College
- Bucknell University
- Burman University
- Cal Poly Pomona University
- Carleton and St. Olaf Colleges
- Carleton University
- Carnegie Mellon University
- Central Washington University
- Clark University
- College of Charleston
- Columbia College
- Columbus State University
- Connecticut College
- Cornell University
- Dallas County Community College District (DCCD)
- Davidson College
- Delta College
- Drew University
- Duquesne University
- Eastern New Mexico University-Ruidoso
- Elon University
- Emporia State University
- Florida Atlantic University
- Florida State University
- Forsyth Technical Community College
- Frostburg State University
- The George Washington University
- Harper College
- Hunter College
- Indiana Tech
- Indiana University of Pennsylvania
- Ivy Tech Community College
- Jackson College
- Johns Hopkins Bloomberg School of Public Health
- Kennesaw State University
- K.J. Somaiya College of Arts, Commerce, and Science
- Lansing Community College
- Lehigh University
- Liberty University
- Longwood University
- Maricopa Community Colleges
- Marist College
- Marquette University
- Marshall University
- Millersville University
- Mount Royal University
- North Carolina State University
- North Central College
- Northeastern University
- Northern Arizona University
- Northern Virginia Community College
- Northwest Florida State College
- Norwich University
- Nova Southeastern University
- Old Dominion University
- Parkland College
- Pepperdine University
- Pinellas Technical College
- Quinnipiac University
- Radford University
- Rochester Institute of Technology
- Roosevelt University
- Rose-Hulman Institute of Technology
- Saint Joseph's University
- Saint Louis University
- Salve Regina University
- SANS Institute
- Saskatchewan Polytechnic
- Scripps Research Institute
- Smith College
- Southern New Hampshire University (SNHU)
- Spokane Falls Community College
- Stony Brook University
- SUNY Sullivan
- Swarthmore College
- Temple University
- Tennessee College of Applied Technology, Shelbyville
- Tidewater Community College
- Towson University
- University of Antelope Valley
- University of Arizona
- University of California, Davis
- University of California, Santa Cruz
- University of Central Florida
- University of Exeter
- University of Findlay
- University of Illinois at Chicago
- University of Illinois at Springfield
- University of Kentucky
- University of Memphis
- University of Nebraska at Kearney
- University of North Carolina at Chapel Hill
- University of North Carolina School of the Arts
- University of North Carolina, Wilmington
- University of North Florida
- University of Northern Colorado
- University of Phoenix
- University of Pittsburgh
- University of San Diego
- University of Tennessee Health Science Center
- University of Texas at Austin
- University of Texas Health Science Center at San Antonio
- University of Texas Rio Grande Valley
- University of Toledo
- University of Toronto
- University of Virginia
- University of Wisconsin-Stout
- Utica College
- Valparaiso University
- Vincennes University
- Walsh College
- Washington State University
- Western Illinois University
- Widener University
- Williams College
What is Cyber Security Awareness?
The Oxford English Dictionary defines awareness as "The quality or state of being aware; consciousness." Aware is defined as "Informed; cognizant; conscious; sensible."
The purpose of cyber security awareness presentations is simply to focus attention on cyber security. Awareness presentations are intended to allow individuals to recognize information technology security concerns and respond accordingly.
- The learner is the recipient of information
- The information reaches broad audiences
- Attractive packaging techniques are used
We can characterize a user's cyber security awareness level by describing it as the actions a user takes in a given security situation. Do they know about any policies governing that activity? Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?
Why is Cyber Security Awareness Important?
To protect the confidentiality, integrity, and availability of information in today's highly networked systems environment requires that all individuals:
- Understand their roles and responsibilities related to the organizational mission
- Understand the organization's information technology security policy, procedures, and practices
- Have at least adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible
Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can build in these reflexes both for the security professional and for the everyday user.
Critical Success Factors for Awareness Activities
- They are based on the organization's policies
- They have senior management support
- The focus is on people at all levels of the organization
- They are effectively planned:
- Based on user's needs, roles, and interests
- Identifies security problems in the organization that need addressing
- They use appealing materials and methods
Awareness programs usually use repetition to reinforce desired behaviors and attitudes about security.
What is National Cyber Security Awareness Month?
National Cyber Security Awareness Month is an annual effort to increase awareness and prevention of online security problems, spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). The Higher Education Information Security Council (HEISC) promotes and participates in the annual campaign each October, joining forces with a range of organizations from the public and private sector to expand cybersecurity awareness on campuses across the country. The Higher Education Information Security Council is offering a range of programs and resources:
- NCSAM Resource Kit and NCSAM Sample Kit
- Information Security Awareness Video & Poster Contest for Students
- Cybersecurity Awareness Resource Library
- EDUCAUSE Security Awareness Resource Page
How Do We Plan for National Cyber Security Awareness Month?
The following NCSAM Planning Guide worksheet (PDF or Word) will help you to think about how your institution might go about implementing a plan to take advantage of National Cyber Security Awareness Month. You can also use the Annual Campus Security Awareness Campaign, which includes a printable 2016 calendar with monthly security awareness topics and 12 blog posts on the monthly topics with ready-made content for your campus communication channels.
Indiana University offers a NCSAM Sample Kit with creative materials based on a 1950's horror theme, and outlines plans for their use that you can adapt to your institution's needs quickly. With a bit of a printing budget (or your own high quality printer) and some coordination, you can pick and choose which materials will best help you to increase your community's security awareness. Some of the materials are even provided in Spanish! These materials were created and used at Indiana University for National Cyber Security Awareness Month 2005. Indiana University grants permission for non-profit educational use, as long as the credit line and the copyright statement remain on the materials.
Cal Poly Pomona's 2007 presentation describes the development of their Cyber Security Fair in great detail. Tips for starting your own cyber security fair are offered on such topics as determining the target audience, structuring the event, developing a support network, selecting presentation topics & speakers, as well as the associated costs.
The winning posters and videos from previous Information Security Awareness Video & Poster Contests are available for use in campus security awareness campaigns during student orientation, National Cyber Security Awareness Month, Data Privacy Day, and throughout the year. 
Note: Videos are also available to view on the HEISC YouTube Channel. Posters can be found on the HEISC Facebook page or Pinterest page.
If your group or institution would be interested in a presentation from an information security or privacy expert, please see our Speakers Bureau. You could also use your LinkedIn connections to invite a local, regional, or national speaker to a campus event.
Note: Data Privacy Day occurs each year on January 28. Think about how you might use NCSAM resources to promote this international celebration on your campus, too.
Resources
- "Building an Information Technology Security Awareness and Training Program," National Institute of Standards and Technology Special Publication 800-50, Oct. 14, 2003
- "Developing Security Education and Awareness Programs" by Shirley Payne
- DHS Stop.Think.Connect. campaign and the Stop.Think.Connect. Resource Guide
- ICANN Security Awareness Resource Locator and Security Terminology blog
- Indiana University Privacy and Security Posters
- MS-ISAC (Multi-State Information Sharing and Analysis Center) 2015 National Cyber Security Awareness Month Toolkit
- NCSA Resources
- NCSAM Planning Guide worksheet (PDF or Word)
- OnGuard Online
- Presidential Proclamation: National Cybersecurity Awareness Month, 2015
- SANS Securing The Human NCSAM resources
State and Regional Efforts
International Efforts
- Australia: Stay Smart Online is the Australian Government's online safety and security website.
- Canada: Get Cyber Safe is Canada's national public awareness campaign about cyber security and online safety.
- Europe: European Cyber Security Month is an EU advocacy campaign that takes place in October.
- South Africa: The South African Cyber Security Academic Alliance includes academic research groups from several institutions.
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).