October is National Cyber Security Awareness Month! Some quick links to get you started...
- Read this blog post so you don't have to start your plans from scratch! Let's Get Ready for NCSAM 2014.
- View related resources including the NCSAM Sample Kit, Cybersecurity Awareness Resource Library, Security Awareness Quick Start Guide, and Security Awareness Detailed Instruction Manual.
- Find a guest speaker using our Speakers Bureau.
- Get involved in the Stop.Think.Connect. awareness campaign.
- Become a NCSAM Champion. It's free and easy to sign up. You'll also find free materials at StaySafeOnline.org, including this handy "Ways to Get Involved" infographic.
- Data Privacy Day occurs each year on January 28. Think about how you might use NCSAM resources to promote this international celebration on your campus, too. (Details about 2015 activities will be available in the fall.)
We are currently updating the list below with 2014 activities. Please let us know about your campus plans! (In 2013, over 190 higher education institutions hosted NCSAM campus events!)
Also on this page: What is Cyber Security Awareness?, Why is Cyber Security Awareness Important?, Critical Success Factors for Awareness Activities, What is National Cyber Security Awareness Month?, How Do We Plan for NCSAM?, and additional Resources (including links to state/regional and international efforts).
2014 Campus Events
Below is a list of almost 200 campuses supporting NCSAM 2014 with activities and events.. Please continue to share the URL or plans for your NCSAM-related initiatives with the participants of the Security Discussion Group or send an e-mail to: security-council@educause.edu. You can also see a list of colleges and universities that have signed up as NCSAM Champions at StaySafeOnline.org.
- Adams State University
- Adelphi University: The Office of IT will focus on how to protect your identity and files online. Posters on the security home page were designed by two Adelphi students.
- Algonquin College
- American University
- Anne Arundel Community College
- Appalachian State University
- Arizona State University
- Armstrong State University
- A.T. Still University
- Auburn University: This year's theme is "One Phish, Two Phish, Scammed Phish, Duped Phish" and Auburn provides posters, web graphics, a screensaver, and a t-shirt design, as well as information about phishing (warning signs, examples, how to avoid becoming a victim, using a phishing filter, and how to report suspicious e-mails). Promotional materials for their previous campaigns (2007-2013) are also available.
- Ball State University
- Baylor University
- Boise State University
- Boston College: Students who complete an online cyber security quiz will be entered to win a drawing to win a BC Bookstore gift card.
- Boston University: Hosting the 4th annual Information Security Awareness Week, October 6-10. Activities include free shred events, security tips and tweets, and online resources.
- Bridgewater College
- Brown University: Screening the film Code 2600, as well as offering three Brown Bags throughout the month and appearing at the "Be Safe Brown!" Campus Safety Resource Fair. The Information Security Group will also focus its efforts on phishing with a month-long theme of SPOT the Phish to STOP the Phish, part of Brown's new Phish Bowl campaign.
- Bryn Mawr College: Hosting the first ever Cyber Ninja Challenge, a campus-wide online quiz game focusing on information security topics. They are asking community members to sign a Pledge for Information Security, which lists best practices and other tips for keeping themselves and others safe online and beyond. They are also giving away toothbrushes engraved with the slogan, "Passwords and toothbrushes. Don't Share. Be Aware." All month long, they'll be posting InfoSec tips and resources on Bryn Mawr's Information Services' Facebook and Twitter accounts, including this video featuring staff and student actors that encourages folks to "take a closer look" to avoid falling victim to Phishing emails.
- Bucknell University: Sharing blogs and resources throughout the month.
- Butler University
- Cal Poly Pomona University: Hosting the 9th annual Cyber Security Fair with the theme "Don't Be a Target" with an emphasis on women in cybersecurity. The event includes a poster contest, along with presentations and hands-on hacking workshops. (October 23, 2014 in Pomona, CA)
- California State University: Partners with DHS through the Stop.Think.Connect. program by co-branding materials with the STC logo, handing out pins and posters, and offering some brown bag lunch events. The "It's Just Lunch" efforts have been very successful. Staff are invited to "speed date" the Information Security Team by rotating through tables in small groups with 5-7 mini presentations on topics such as phishing, SQL injection (for the layperson), and cyberbullying.
- California State University, Channel Islands
- California State University, Sacramento
- Cape Fear Community College
- Capella University
- Capitol College
- Cardinal Stritch University
- Carnegie Mellon University
- Case Western Reserve University
- CBT College
- Central Michigan University
- Chippewa Valley Technical College
- Cincinnati State Technical and Community College
- Clemson University
- Coahoma Community College
- Colorado School of Mines
- Columbus State University
- Community College of Rhode Island: Offering a free campus event on October 30: "Building a Culture of Security Awareness."
- Cornell University
- Dartmouth College
- Davenport University
- Delta College
- Duke University
- Eastern Kentucky University
- Eastern New Mexico University - Ruidoso
- El Paso Community College
- Elon University
- Emerson College
- Excelsior College National Cybersecurity Institute
- Florida Atlantic University
- Florida International University
- Florida State University
- Fordham University
- George Mason University
- George Washington University
- Georgia Highlands College: Partnering with the Northwest Georgia Information Sharing and Analysis Center to host a special presentation by cyber security expert Walter Tong on October 14.
- Georgia Regents University: Hosting a Cyber-Education Summit on the Health Sciences Campus. (October 23 in Augusta, Georgia)
- Glendale Community College
- Harvard University School of Public Health
- Henderson Community College
- Idaho State University: ISU's "NIATEC" program students offer tips and information about cyber safety through local radio station KISU.
- Indiana State University
- Indiana University and IU's Center for Applied Cybersecurity Research
- Indiana University of Pennsylvania
- Institute for Advanced Study
- Ithaca College
- Joliet Junior College
- Johns Hopkins University
- Johnson & Wales University
- Juniata College
- Kennesaw State University: Hosting a Cyber Security Awareness Day with guest speakers from sectors including corporate, education, and law enforcement. (October 16, 2014 in Kennesaw, Georgia)
- Kent State University
- Kentucky Community & Technical College System
- Lee College
- Lehigh University
- Lewis and Clark College
- Lone Star College
- Louisiana State University
- Loyola University Chicago
- Macalester College
- Maricopa Community Colleges
- Marymount University
- McMaster University
- McNeese State University
- Miami University
- Michigan State University
- MIT: Hosting a few events, including a table in the Student Center to help students with questions and determine their knowledge of security issues through quiz cards, a talk on the Tor Project, and a shredding day when the MIT community can drop off paper and electronics for secure disposal.
- Mohave Community College
- Montgomery College: Focusing on a "Vintage Data" campaign.
- Montgomery County Community College
- Moreno Valley College
- New Jersey City University
- New Mexico State University: Formally participating in NCSAM for the first time in 2014, NMSU has a number of presentations and information tables planned throughout the month.
- Norco College
- North Carolina State University
- North Dakota State University: Sending a cybersecurity tip to the campus each Thursday.
- Northern Arizona University
- Northern Kentucky University
- Northwestern University: Information security news podcasts.
- Nova Southeastern University: Hosting FBI special presentation on "Cyber Security Threats and Trends." (September 30, 2014 in Fort Lauderdale, Florida)
- NWACC Network and Information Security Conference (October 14-16, 2014 in Portland, Oregon)
- Ohio State University: Hosting the third annual Cyber Security Day on October 30. Helen Patton (CISO) will provide the keynote presentation, "Security Year in Review."
- Ohio University: Hosting an IT Security Seminar on October 20, 2014.
- Oklahoma State University
- Owens Community College: Holding a cyber security awareness workshop and a campus security awareness campaign.
- Pepperdine University
- Purdue University
- Quinnipiac University
- Rice University
- Rochester Institute of Technology
- Roosevelt University
- Rutgers University
- Ryerson University
- Saint Joseph's University
- Saint Louis University: Information Booths located across campus with information flyers, giveaways (t-shirts, stickers, magnets, coasters), and games. Posters located across campus and in dorms. Partnership with libraries to set up year round display areas. Lunch and Learn for staff. Small group discussions/presentation with various organizations across campus to recruit ambassadors for their program (students, faculty and staff). NCSAM banners on webpage and digital media signs. Weekly articles.
- Salisbury University
- Sam Houston State University
- Santa Clara University: Hosting a "Shred Fest," where a shred truck is parked on campus so students, faculty, and staff can bring sensitive paper and media. They will also have security awareness games, such as dumpster diving, to draw students for prizes.
- Seton Hall University
- St. Edward's University
- St. Norbert College
- Stonehill College
- Stony Brook University
- SUNY Fredonia
- Swarthmore College
- Symbiosis International University
- Syracuse University
- Temple University
- Tennessee College of Applied Technology Shelbyville
- Texas A&M University: Hosting a "Fight Back" cybersecurity awareness campaign October 20-31, 2014. The campaign will feature four villains representing tech security threats. Campus members can "battle" the villains by taking a short quiz to see how they would fare when faced with these threats in real life. No matter their result, whether they defeat the villain, tie, or lose the battle, all participants will get a free drink from a local coffee shop and be entered to win an iPad mini. Each completed quiz equals another entry in the iPad drawing, which will encourage campus members to "battle" multiple villains. When the battle results are shown, tips for improving their security online will also be displayed.
- Texas State University, San Marcos
- Texas Tech University
- Towson University
- Trine University
- Tufts University
- Tulane University
- Union University
- University at Buffalo
- University College London
- University of Arizona: Hosting a Security Awareness Day with an information booth about keeping data and devices safe, as well as some fun giveaways. (October 10 in Tucson, Arizona)
- University of Baltimore
- University of California, Davis: Sharing resources and rolling out a new information security awareness training program.
- University of California, Santa Cruz
- University of Central Oklahoma
- University of Connecticut: The Comcast Center of Excellence for Security Innovation (CSI) at UConn is sponsoring the first-ever CyberSEED: Cybersecurity, Education and Challenge Week. (October 20-23, 2014 in Storrs, Connecticut)
- University of Delaware: Hosting the annual IT Tech Fair for faculty and staff. (October 28 in Newark, Delaware)
- University of Findlay: Hosting the 13th Annual Information Assurance Forum, Big Data: Who's Watching You? (October 22, 2014 in Findlay, Ohio)
- University of Florida
- University of Georgia
- University of Hawaii System
- University of Illinois
- University of Illinois at Chicago
- University of Illinois Springfield
- University of Kentucky
- University of La Verne
- University of Maine at Fort Kent
- University of Maryland, Baltimore
- University of Maryland, Baltimore County
- University of Maryland, Eastern Shore
- University of Massachusetts Amherst: John Sileo, a nationally recognized identity theft speaker, will be speaking to UMass Amherst students, faculty, and staff. (October 23 in Amherst, Massachusetts)
- University of Massachusetts Medical School (Worcester campus)
- University of Massachusetts President's Office
- University of Michigan: Hosting SUMIT (Security at University of Michigan), an annual symposium. (October 14, 2014 in Ann Arbor, Michigan)
- University of Missouri System
- University of Missouri - St. Louis
- University of Nebraska
- University of Nebraska-Lincoln
- University of Nebraska-Omaha
- University of New Hampshire
- University of New Mexico
- University of North Carolina - Chapel Hill
- University of North Carolina - Wilmington
- University of North Florida
- University of Pennsylvania
- University of Pittsburgh
- University of Rochester
- University of Saskatchewan
- University of South Carolina: This year's efforts have been expanded, with nearly twice as many events offered at the flagship campus in Columbia, South Carolina, as well as other system campuses throughout the state.
- University of Tennessee-Knoxville
- University of Texas at Arlington
- University of Texas at Austin: Hosting several events in October, including a screening of the movie "Hackers."
- University of Texas Health Science Center at San Antonio
- University of Texas System
- University of Virginia
- University of Washington
- University of Wisconsin-Madison
- University of Wisconsin-Milwaukee
- University of Wisconsin-Stout
- Utica College
- VA SCAN Conference (October 9-10, 2014 in Richmond, VA)
- Valparaiso University: Planning weekly emails to campus, daily Facebook posts, weekly workshops on security topics, information posted on the institution's website, posters distributed to residence halls, and custom workshops offered to groups on campus.
- Wayne State University
- Wellesley College: Highlights include two showings of the documentary Code 2600 (participants will be entered into a raffle for an iPad mini); students who complete the SANS Securing The Human training by October 31 will be entered into a second raffle for an iPad mini; and Library and Technology student workers are acting as "Security Gnomes." The student workers are patrolling the public spaces and looking for unattended laptops and mobile devices, and leaving security alert cards with helpful security resources. When they find someone practicing good physical security for their belongings, they leave behind a 3-D printed security gnome.
- Wentworth Institute of Technology
- West Virginia University
- Whitman College
- Xavier University
- York University
What is Cyber Security Awareness?
The Oxford English Dictionary defines awareness as "The quality or state of being aware; consciousness." Aware is defined as "Informed; cognizant; conscious; sensible."
The purpose of cyber security awareness presentations is simply to focus attention on cyber security. Awareness presentations are intended to allow individuals to recognize information technology security concerns and respond accordingly.
- The learner is the recipient of information
- The information reaches broad audiences
- Attractive packaging techniques are used
We can characterize a user's cyber security awareness level by describing it as the actions a user takes in a given security situation. Do they know about any policies governing that activity? Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?
Why is Cyber Security Awareness Important?
To protect the confidentiality, integrity, and availability of information in today's highly networked systems environment requires that all individuals:
- Understand their roles and responsibilities related to the organizational mission
- Understand the organization's information technology security policy, procedures, and practices
- Have at least adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible
Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can build in these reflexes both for the security professional and for the everyday user.
Critical Success Factors for Awareness Activities
- They are based on the organization's policies
- They have senior management support
- The focus is on people at all levels of the organization
- They are effectively planned:
- Based on user's needs, roles, and interests
- Identifies security problems in the organization that need addressing
- They use appealing materials and methods
Awareness programs usually use repetition to reinforce desired behaviors and attitudes about security.
What is National Cyber Security Awareness Month?
National Cyber Security Awareness Month is an annual effort to increase awareness and prevention of online security problems, spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). The EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC) promotes and participates in the annual campaign each October, joining forces with a range of organizations from the public and private sector to expand cybersecurity awareness on campuses across the country. The Higher Education Information Security Council is offering a range of programs and resources:
- NCSAM Resource Kit and NCSAM Sample Kit
- Information Security Awareness Video & Poster Contest for Students
- Cybersecurity Awareness Resource Library
- EDUCAUSE Security Awareness Resource Page
How Do We Plan for National Cyber Security Awareness Month?
The following worksheet will help you to think about how your institution might go about implementing a plan to take advantage of National Cyber Security Awareness Month.
Indiana University offers a NCSAM Sample Kit with creative materials based on a 1950's horror theme, and outlines plans for their use that you can adapt to your institution's needs quickly. With a bit of a printing budget (or your own high quality printer) and some coordination, you can pick and choose which materials will best help you to increase your community's security awareness. Some of the materials are even provided in Spanish! These materials were created and used at Indiana University for National Cyber Security Awareness Month 2005. Indiana University grants permission for non-profit educational use, as long as the credit line and the copyright statement remain on the materials.
Cal Poly Pomona's 2007 presentation describes the development of their Cyber Security Fair in great detail. Tips for starting your own cyber security fair are offered on such topics as determining the target audience, structuring the event, developing a support network, selecting presentation topics & speakers, as well as the associated costs.
The winning posters and videos from previous Information Security Awareness Video & Poster Contests are available for use in campus security awareness campaigns during student orientation, National Cyber Security Awareness Month, Data Privacy Month, and throughout the year. Note: Videos are also available to view on the Security Awareness Contest YouTube Channel. Posters can be found on the contest's Facebook page or the HEISC Pinterest page.
If your group or institution would be interested in a presentation from an information security or privacy expert, please see our Speakers Bureau. You could also use your LinkedIn connections to invite a local, regional, or national speaker to a campus event.
Resources
- "Building an Information Technology Security Awareness and Training Program," National Institute of Standards and Technology Special Publication 800-50, Oct. 14, 2003
- "Developing Security Education and Awareness Programs" by Shirley Payne
- DHS Stop.Think.Connect. campaign and Online Toolkit & Campaign Materials
- Indiana University National Cyber Security Awareness Month Campaigns and Downloadable Material
- MS-ISAC (Multi-State Information Sharing and Analysis Center) National Cyber Security Awareness Month Toolkit (2013)
- NCSA Resources (2012)
- Presidential Proclamation: National Cybersecurity Awareness Month (2012)
- SANS Securing The Human security awareness program
State and Regional Efforts
- Community Based Security Awareness - Various Efforts
- MS-ISAC list of State and Local Government Proclamations
- NASCIO Cybersecurity Awareness Resource Guide
- State of California (2012)
- State of New York (2012)
- State of Pennsylvania (2012)
International Efforts
- Australia: National Cyber Security Electronic security, or online security. Awareness Week is an annual Australian Government initiative held in partnership with industry, community and consumer organizations and all levels of government.
- Canada: Get Cyber Safe is Canada's national public awareness campaign on cyber security
- South Africa: The Cyber Defence Research Group of the Council for Scientific and Industrial Research (CSIR) hosts a serices of talks on cyber security awareness-related topics
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).