October is National Cyber Security Awareness Month! Some quick links to get you started...
- Related resources include the CSAM Sample Kit and the Cybersecurity Awareness Resource Library, as well as the Security Awareness Quick Start Guide and Security Awareness Detailed Instruction Manual.
- Read these blog posts so you don't have to start from scratch! Prepare for NCSAM 2013 and Are You Ready? NCSAM: October 2013.
- Get involved in the Stop.Think.Connect. awareness campaign.
- Become a Champion of NCSAM. You'll also find free materials on NCSA's StaySafeOnline.org website!
- Data Privacy Day occurs each year on January 28. Think about how you might use NCSAM resources to promote this international celebration on your campus, too.
We have collected information from over 190 higher education institutions about 2013 NCSAM Campus Events!
Also on this page: What is Cyber Security Awareness?, Why is Cyber Security Awareness Important?, Critical Success Factors for Awareness Activities, What is National Cyber Security Awareness Month?, How Do We Plan for NCSAM?, and additional Resources (including links to state/regional and international efforts).
2013 Campus Events
Below is a comprehensive list of 2013 higher education NCSAM events. We collected over 190 links this year (a new record)! It's never too early to start planning your 2014 activities. Please continue to share the URL or plans for your NCSAM-related initiatives with the participants of the Security Discussion Group or send an e-mail to: security-council@educause.edu.
- Adams State University
- Anne Arundel Community College
- Adelphi University: Initiatives include student and faculty outreach consisting of graphic posters, website banners, and news announcements, as well as security presentations to various student and staff groups on campus. Additionally, Adelphi has launched a social media campaign on Twitter and Facebook promoting cyber security awareness to the campus community.
- The Alamo Colleges
- Albright College
- Arizona State University
- Appalachian State University
- Armstrong Atlantic State University
- Auburn University: Students are invited to send Vine or Instagram videos about Mobile Data Security, Copyright Infringement, Social Media Safety, & Phishing Scams to @AuburnOIT and they could be featured in this year's Auburn NCSAM campaign. New promotional materials are also available for their 2013 campaign (previous campaigns, 2007-2012, are also available).
- Ball State University: NCSAM promotions include a cybersecurity poster contest, a phishing carnival booth at LATENIGHT, awareness day on October 29, and an IT Concierge desk in the library offering bookmarks and other information on identity theft, phishing, and mobile security. An online safety survey is aslo being offered through November 1 (with a chance to win prizes).
- Baylor University
- Bellevue University: With the Better Business Bureau (BBB) Foundation, Bellevue is hosting a free Cyber Security Reality Check Summit for businesses located in the metro Omaha and metro Lincoln areas on October 16.
- Boise State University
- Boston College
- Boston University: BU Information Security is hosting the second annual Information Security Awareness Week, October 7-11. One of the sponsored activities this year is free document shredding for all BU faculty, staff, and students.
- Brown University: The Information Security Group will host three Brown Bags, as well as provide online awareness materials and quizzes throughout the month.
- Bryn Mawr College
- Bucknell University
- Butler University
- California State Polytechnic University, Pomona: Hosting the Cyber Security Fair, From Hacker...to Security Professional, October 24. The event includes speakers, hands-on activities, and door prizes.
- California State University, Channel Islands
- Cape Fear Community College: CFCC's inaugural Cyber Security Awareness Day on October 17 includes 7 speakers and a Cyber Security clinic. The event is free and open to faculty, staff, students, and the community.
- Capitol College
- Cardinal Stritch University: The Office of Information Services will conduct several training sessions (offered online and in person) covering a wide range of topics. Session attendees have a chance to win an iPad.
- Carnegie Mellon University: The Information Security Office is hosting two events on October 3: Vendors will demonstrate security and privacy features available for mobile devices. This will be followed by a presentation and discussion session with administrative and technical staff.
- Central Washington University: The Security Services Department is hosting several events and activities throughout the month of October, to include a presentation by the FBI Cyber Task Force on October 17. In addition, the Security Services Department and the Department Information Technology Administrative Management (ITAM) are jointly hosting an information security awareness event on October 11, with pizza provided.
- Cincinnati State Technical and Community College
- Clemson University
- Colorado School of Mines
- Colorado Technical University
- Columbia College Chicago: Several workshops will be offered in October on topics such as Password Management and Computer Attacks.
- Columbia College (Missouri)
- Community College of Rhode Island: Offering a free campus event on October 30: "Building a Culture of Security Awareness."
- Connecticut College
- Coppin State University
- Cornell University: Sharing resources on Cornell's social media pages, as well as the IT@Cornell news blog.
- Dartmouth College
- Davenport University
- Drexel University
- Duke University: In conjunction with the Duke Medicine Information Security Officer, the IT Security Office is running a "Phishing Tournament." All throughout the month of October, a phishing awareness quiz will be hosted. A drawing will be held for all quiz participants and winners will receive an iPad Mini.
- Eastern Kentucky University: Smart Computing at EKU is publishing daily news and articles about staying safe online and off.
- Elon University
- Emporia State University: Hosting a Shred Day for documents on October 14.
- Florida Atlantic University: The Office of Information Technology (OIT) is sponsoring cyber security awareness presentations at FAU throughout October. Presentations will be held at the Boca Raton campus and via videoconference to the campuses in Fort Lauderdale and Jupiter. All presentations are open to students, faculty, staff, and the general public.
- Florida International University
- Florida State University: IT Services invites faculty, staff, and students to sign an online Cyber Security Pledge. FSU also hosts the Florida Government Technology Conference (FGTC) in Tallahassee, October 21-23.
- George Mason University: The IT Security Office will be hosting 4 lunchtime seminars in October.
- George Washington University: The Division of IT is offering a series of cybersecurity seminars on October 10, 17, 23, 28, and 30.
- Georgia Gwinnett College
- Georgia Highlands College
- Georgia Regents University, Augusta
- Harvard University: The School of Engineering and Applied Sciences (SEAS) is offering two events on October 10 and October 31.
- Honolulu Community College
- Idaho State University
- Illinois State University
- Indiana University: The REN-ISAC and SANS are teaming up to target developers for NCSAM. They will host a webcast on Securing the Developer on October 28.
- Indiana University of Pennsylvania
- Institute for Advanced Study
- Ithaca College
- Johns Hopkins University
- Kennesaw State University: Hosting the 5th Annual Cyber Security Awareness Day on October 9. The event is free to all KSU students, faculty, staff, and the community.
- Lee College
- Lewis & Clark
- Loyola University Chicago
- Massachusetts Institute of Technology (MIT also includes NCSAM information in their knowledge base)
- Maryland Cybersecurity Center: Saturday Cybersecurity Awareness Workshops will be held on the University of Maryland, College Park campus.
- Mercy College
- Miami University: Information booths will be hosted throughout the month. A feature presentation on the 4th Amendment and Computer Searches: Selected Issues will also be offered on October 22.
- Michigan State University
- Mississippi State University
- Montgomery College: Test your password IQ with an online game or find educational resources.
- Montgomery County Community College
- New Jersey City University
- New Paltz, SUNY
- The New School
- North Carolina State University: Various cybersecurity activities will be offered throughout the month of October, including a lunchtime presentation, "How to Take Control of Your Digital Life."
- North Dakota State University
- Northern Arizona University: The Information Security team will host a booth at the University Union to answer questions and provide information about security topics affecting the campus and its students, faculty, and staff.
- Northern Virginia Community College
- Northwest University
- Nova Southeastern University: The NSU Graduate School of Computer and Information Sciences is hosting a series of events October 3, 10, 17, and 24. All events are free and open to the community.
- Old Dominion University: Hosting the 2013 VASCAN Conference, October 3-4. The conference theme is "Securing the Infrastructure."
- Ohio University: Hosting the IT Security Seminar 2013: Managing personal and institutional risk online and on the job.
- Ohio State University: Offering online resources (including a fun desktop background) and tweets from the Office of the CIO.
- Oklahoma State University: Offering free information security awareness seminars, October through December 2013.
- Paradise Valley Community College
- Penn State: The Security Operations and Services (SOS) unit is sponsoring the 2013 Penn State Security Conference, October 28-29.
- Pepperdine University: The Information Security Office is hosting a student contest in October (prizes: one of three iPad minis). Faculty and staff will also receive monthly phishing tests, October through April.
- Purdue University
- Rice University
- Rochester Institute of Technology: RIT InfoSec offers online safety tips via their website and Facebook page. Full-time RIT students who like or follow RIT InfoSec on social media sites between August 12 and October 1, 2013, will be entered into a random drawing for a $100 Barnes & Noble gift card (see contest info).
- Rockland Community College, SUNY
- Roosevelt University
- Rutgers University: Videos will be aired on RU-TV, and visits to each Rutgers campus are planned. The visits will feature giveaways and an opportunity to ask questions about information security.
- Sacramento State University
- Saint Edward's University: Tweeting resources and tips throughout the month of October.
- Saint Joseph's University
- Saint Louis University
- Saint Michael's College
- Saint Norbert College
- Sam Houston State University: IT@Sam employees will host cybersecurity awareness games and provide giveaways. They will also host a few cyber-related contests for SHSU social media followers.
- Seton Hall University
- Stonehill College
- Stony Brook University: The Division of Information Technology will be holding several events in an effort to educate the campus community on cybersecurity in a fun and engaging way. An article on passwords was sent via e-mail to the entire campus (42,000+) on October 1. A new e-mail will be sent each week in October focused on a different theme. The Training & Development team is offering a "DoIT Cyber Security Mini Byte" webinar each Tuesday in October that will focus on the weekly themes. Two campus security experts provided interviews that will be featured in 4 short videos (see the Week One NCSAM Password Security video). On october 9, a table will be set up in the Student Activities Center where students, faculty, and staff will be challenged to take the Online Identity Risk Calculator quiz (anyone who scores better than a "Medium" risk will win a Starbucks gift card). They are also spreading the word through various social outlets like Twitter, Facebook, Tumblr, and Google+.
- Syracuse University: Information Technology and Services InfoSec team will be hosting two events on campus (specifically a "Fly Phish" event and an IT workshop with live hacking demonstration and lunch) to spread the message on cyber security across the campus.
- Tallahassee Community College: Hosting an event on October 24 with Dr. Shuyuan Ho, assistant professor in the School of Library and Information Studies at Florida State University.
- Temple University: Computer Services is offering several events, including an Information Security Booth in various campus locations throughout the month. Resources will also be shared on campus plasma screens. Trivia Tuesday will be hosted on Facebook each week, and daily tips will be shared via Twitter.
- Tennessee College of Applied Technology Shelbyville
- Texas Christian University
- Texas State University-San Marcos: Hosting a full Cyber Security Awareness Day on October 8. The IT Security department is also partnering with Computer Science to offer a "Capture the Flag" security challenge.
- Texas Tech University
- Thompson Rivers University
- Tufts University
- Tulane University
- University at Buffalo: The Information Security Office is sharing information via Facebook.
- University of Alabama, Birmingham
- University of Alabama, Huntsville: The UAH Awareness Calendar of Events includes a month-long poster campaign and a "Trunk or Treat" event.
- University of Arizona
- University of Arkansas
- University of Baltimore
- University of British Columbia
- University of California, Berkeley
- University of California, Merced
- University of California Office of the President
- University of California, Santa Cruz: Resources include weekly articles, an annual computer security message from the Vice Chancellor of IT, awareness training sessions, campus banners, and shuttle bus posters.
- University of Cape Town
- University of Central Oklahoma
- University of Cincinnati
- University of Colorado, Colorado Springs
- University of Connecticut: The Information Security Officer is sponsoring HuskyHunt, a scavenger hunt game, which will run from September 16 through November 3.
- University of Delaware
- University of Florida: Throughout October members of the information security staff will be visiting college and administrative units, sharing materials that focus on the importance of strong passwords and protecting restricted data. In addition, an event will be hosted at the university's library on October 22 and cross-promoted with the Academic & Professional Assembly (APA), an organization supervised by UF's VP of Human Resources Services that promotes professional development across the university campuses.
- University of Georgia: Special activities and events include a weekly tips email focusing on NCSAM weekly themes, a basic computer security "boot camp" class, and free laptop checkups for UGA students, faculty, and staff during the Computer Health and Security Fair. UGA was also named a champion of NCSAM.
- University of Hawaii: The UH Information Security Team will hold informational workshops (October 2 and 17) and promote online articles to highlight the importance of practicing secure computing habits in cyberspace.
- University of Houston Downtown
- University of Idaho
- University of Illinois at Chicago: Resources focusing on weekly themes (including: phishing, software Updates, password safety, and personal data security) will be posted online. On October 1, 11, 16, 21, and 31, the Academic Computing and Communications Center (ACCC) Security will host a security booth at different locations on campus with bookmark and message pen giveaways. Participants will also be invited to spin a prize wheel and test their security knowledge corresponding to one of the weekly themes. Winners will be entered into a weekly raffle to win a pair of tickets to the Art Institute of Chicago. Additionally, ACCC Security will host Security Education & Awareness presentations for various department offices, including Campus Housing. Finally, weekly campus e-mails and twitter messages will inform the campus of the new weekly theme and location for the security booth.
- University of Illinois at Springfield
- University of Illinois, Urbana-Champaign
- University of Iowa
- University of Kansas
- University of Kansas Medical Center: The KUMC Blog includes information about upcoming Lunch 'n Learn sessions, contests, and prizes, as well as weekly blog posts and a Tip of the Day.
- University of Maryland: Hosting the 12th annual Cyberethics, Cybersafety, and Cybersecurity (C3) Conference in College Park, October 3-4.
- University of Maryland Baltimore
- University of Maryland Baltimore County: Hosting the 2013 CyberMaryland Conference in Baltimore, October 8-9.
- University of Massachusetts Amherst: OIT is sponsoring several activities in October, including a Cyber Security Awareness Video & Poster Contest for students, computer device registration, and hosted information tables with a Plinko game.
- University of Massachusetts Dartmouth: Hosting IT Security Week, which includes a keynote presentation, "Getting Proactive on Privacy and Security," and security information tables with flyers, giveaways, and videos.
- University of Miami
- University of Michigan: Hosting SUMIT_2013 Symposium in Ann Arbor, October 15. Videos and slides are available after the event.
- University of Minnesota: Sponsoring the third annual Cyber Security Summit 2013 in Minneapolis, October 22-23.
- University of Missouri: Offering several security-related events on campus, as well as a ShredIT Event on October 30.
- University of Nebraska-Lincoln: Resources include several "Reality Check" posters that can be printed and shared across the campus.
- University of Nebraska-Omaha
- University of New Hampshire: Publishing articles in the campus newsletters and providing security information via Twitter.
- University of North Carolina at Chapel Hill: In addition to sending out a weekly e-mail to faculty, staff, and students, UNC-CH is planning 2 outdoor events with games and prizes. They will also sponsor a video contest for students based on the campaign Stop. Think. Connect. (winners receive an iPad), hang posters around campus, and host a Cyber Security Town Hall meeting that ties in with the theme Education & Digital Literacy.
- University of North Carolina Charlotte: The College of Computing and Informatics is hosting the 14th annual UNC Charlotte Cyber Security Symposium on October 9.
- University of North Carolina Wilmington: A lineup of security presentations that will be provided throughout the month of October. UNCW's IT Security department will give away free annual subscriptions of LoJack PC/Mac theft recovery service at each event.
- University of North Florida
- University of North Texas Health Science Center
- University of Northern Iowa: Providing licensed access to the SANS Security The Human course via Blackboard. Poster submissions from the 2013 student video and poster contest will also be displayed on digital signage throughout the campus.
- University of Notre Dame: Tweeting security tips throughout the month of October.
- University of Oklahoma
- University of Oregon
- University of Pennsylvania: The Office of Information Security will celebrate with "31 Days of NCSAM Tweets" and distribution of Penn-themed posters across campus. Staff members from the Information Security and Privacy offices will also participate in the Penn Employee Resource and Commuter Fair. Shredding trucks will be available at the Fair to securely shred or dispose of data or old electronics (at no charge).
- University of Pennsylvania's Wharton College: Wharton's Chief Security Officer and Senior IT Project Leader will present a "Techfast" with useful security information. A recording of the presentation is available online.
- University of Rochester: Partnering with the Rochester Institute of Technology to offer the 2013 Rochester Security Summit, October 22-23. Keynote speakers include Bruce Schneier and Lance Spitzner.
- University of San Francisco
- University of South Carolina: Five events will be offered on campus, including a screening of Cullin Hobeck's Terms and Conditions May Apply documentary that will be followed by a discussion panel featuring faculty experts.
- University of South Carolina Upstate
- University of South Florida
- University of Tennessee: Hosting the East Tennessee Cybersecurity Summit in Knoxville, October 23-24.
- University of Tennessee, Chattanooga: Read a letter from Dr. Joe DiPietro, President, University of Tennessee, regarding the challenges faced in maintaining data security in the higher education environment.
- University of Texas at Arlington
- University of Texas at San Antonio
- University of Texas Health Science Center, San Antonio
- University of Tulsa
- University of Vermont
- University of Virginia: Four security awareness presentations will be hosted by the Information Security, Policy, and Records Office (ISPRO) in October, with door prizes for attendees.
- University of Washington: The UW Office of the CISO is sponsoring a live demonstration showing how a malware attack works on October 28. Other events, activities, and resources are available online.
- University of Wisconsin-Madison: The UWM Information Security Office is hosting a quiz for faculty, staff, and students. Participants will be entered into a random drawing for an iPad Mini.
- University of Wisconsin-Platteville
- University of Wisconsin-Whitewater: Educating users all month long via Twitter (@UWWICIT).
- University System of Georgia
- Utah State University
- Utica College: During the month of October, Utica College will waive the usual application fee for its bachelors and masters cybersecurity programs. The college will also host a complimentary webinar on October 9.
- Virginia Commonwealth University: Hosting a Cybersecurity Fair, October 22-23.
- Virginia Military Institute
- Wayne State University
- Wentworth Institute of Technology: Blogging and tweeting during the month of October.
- Whitman College
- Wilkes University
- William Paterson University: ADP in partnership with NCSA, Microsoft, ESET, the Council of Better Business Bureaus, the William Paterson University Small Business Development Center, and the Passaic County, New Jersey Department of Economic Development will host the second Small Business Summit on Security, Privacy and Trust. Tailored for small and mid-sized businesses, this interactive event aims to help owners learn how to better safeguard their business, employees and clients by learning more about best practices in cyber security.
- York University: Created a Security Awareness tutorial that is available through October. Students who take the tutorial and help promote it will receive prizes.
What is Cyber Security Awareness?
The Oxford English Dictionary defines awareness as "The quality or state of being aware; consciousness." Aware is defined as "Informed; cognizant; conscious; sensible."
The purpose of cyber security awareness presentations is simply to focus attention on cyber security. Awareness presentations are intended to allow individuals to recognize information technology security concerns and respond accordingly.
- The learner is the recipient of information
- The information reaches broad audiences
- Attractive packaging techniques are used
We can characterize a user's cyber security awareness level by describing it as the actions a user takes in a given security situation. Do they know about any policies governing that activity? Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?
Why is Cyber Security Awareness Important?
To protect the confidentiality, integrity, and availability of information in today's highly networked systems environment requires that all individuals:
- Understand their roles and responsibilities related to the organizational mission
- Understand the organization's information technology security policy, procedures, and practices
- Have at least adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible
Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can build in these reflexes both for the security professional and for the everyday user.
Critical Success Factors for Awareness Activities
- They are based on the organization's policies
- They have senior management support
- The focus is on people at all levels of the organization
- They are effectively planned:
- Based on user's needs, roles, and interests
- Identifies security problems in the organization that need addressing
- They use appealing materials and methods
Awareness programs usually use repetition to reinforce desired behaviors and attitudes about security.
What is National Cyber Security Awareness Month?
National Cyber Security Awareness Month is an annual effort to increase awareness and prevention of online security problems, spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). The EDUCAUSE/Internet2 Higher Education Information Security Council (HEISC) promotes and participates in the annual campaign each October, joining forces with a range of organizations from the public and private sector to expand cybersecurity awareness on campuses across the country. The Higher Education Information Security Council is offering a range of programs and resources:
- NCSAM Resource Kit and NCSAM Sample Kit
- Information Security Awareness Video & Poster Contest for Students
- Cybersecurity Awareness Resource Library
- EDUCAUSE Security Awareness Resource Page
How Do We Plan for National Cyber Security Awareness Month?
The following worksheet will help you to think about how your institution might go about implementing a plan to take advantage of National Cyber Security Awareness Month.
Indiana University offers a NCSAM Sample Kit with creative materials based on a 1950's horror theme, and outlines plans for their use that you can adapt to your institution's needs quickly. With a bit of a printing budget (or your own high quality printer) and some coordination, you can pick and choose which materials will best help you to increase your community's security awareness. Some of the materials are even provided in Spanish! These materials were created and used at Indiana University for National Cyber Security Awareness Month 2005. Indiana University grants permission for non-profit educational use, as long as the credit line and the copyright statement remain on the materials.
Cal Poly Pomona's 2007 presentation describes the development of their Cyber Security Fair in great detail. Tips for starting your own cyber security fair are offered on such topics as determining the target audience, structuring the event, developing a support network, selecting presentation topics & speakers, as well as the associated costs.
The winning posters and videos from previous Information Security Awareness Video & Poster Contests are available for use in campus security awareness campaigns during student orientation, National Cyber Security Awareness Month, Data Privacy Month, and throughout the year. Note: Videos are also available to view on the Security Awareness Contest YouTube Channel. Posters can be found on the contest's Facebook page or the HEISC Pinterest page.
Resources
- "Building an Information Technology Security Awareness and Training Program," National Institute of Standards and Technology Special Publication 800-50, Oct. 14, 2003
- "Developing Security Education and Awareness Programs" by Shirley Payne
- DHS Stop.Think.Connect. campaign and Online Toolkit & Campaign Materials
- Indiana University National Cyber Security Awareness Month Campaigns and Downloadable Material
- MS-ISAC (Multi-State Information Sharing and Analysis Center) National Cyber Security Awareness Month Toolkit (2012)
- NCSA Resources (2012)
- Presidential Proclamation: National Cybersecurity Awareness Month (2012)
- SANS Securing The Human security awareness program
State and Regional Efforts
- Community Based Security Awareness - Various Efforts
- MS-ISAC list of State and Local Government Proclamations
- NASCIO Cybersecurity Awareness Resource Guide
- State of California (2012)
- State of New York (2012)
- State of Pennsylvania (2012)
International Efforts
- Australia: National Cyber Security Electronic security, or online security. Awareness Week is an annual Australian Government initiative held in partnership with industry, community and consumer organizations and all levels of government.
- Canada: Get Cyber Safe is Canada's national public awareness campaign on cyber security
- South Africa: The Cyber Defence Research Group of the Council for Scientific and Industrial Research (CSIR) hosts a serices of talks on cyber security awareness-related topics
Questions or comments? Contact us.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).