NCSAM Resource Kit

Last reviewed: October 2015

2015 Campus Events

• Abilene Christian University: Offering weekly training sessions and blog posts, as well as sharing daily social media posts.
• Adams State University
• Adelphi University
• Aims Community College
• Appalachian State University
• Arizona State University
• Athens State University
• Auburn University: This year's campaign encourages users to "Stop. Think." before they "Connect. Post. Buy. Move. Promote." You can also view previous campaigns from 2007 to 2014.
• Ball State University
• Baltimore City Community College
• Barry University
• Baylor University
• Bellevue University
• Berry College
• Boise State University
• Boston College
• Bridgewater College
  
• Brown University: Offering events, quizzes and resources through the new security awareness website http://brown.edu/go/bearaware.
• Bryn Mawr College
• Bucks Community College
• Cal Poly Pomona: Hosting the 10th annual Cyber Security Fair with the theme "Trick or Treat: Why Your Choices Matter" and an emphasis on women in cybersecurity. (October 29, 2015 in Pomona, CA)
• California State University, Channel Islands
• California State University, San Marcos
• Capella University
• Capitol Technology University
• Carleton College (in collaboration with St. Olaf College): Employees are invited to an "InfoSec 101" course in Moodle with a mix of SANS Securing The Human and local content.
• Carnegie Mellon University: Focusing awareness efforts on data classification and data protection during the month of October. 
• Central Washington University
• Chippewa Valley Technical College
• The Citadel
  
• Clark University
• Columbus State University
• Community College of Spokane
• Connecticut College
• County College of Morris
• Cornell University
• Dakota State University
• Dean College
• Delta College
• Dickinson College: Sharing weekly stories and hosting public events on campus.
• East Carolina University
• Eastern New Mexico University
• Edmonds Community College
• Elon University
• El Paso Community College
• Florida Atlantic University
• Florida Center for Cybersecurity at the University of South Florida: Hosting a conference, October 13-14, in Tampa, FL.
• Florida State University: Individuals can sign a cyber pledge during the month of October (booths will be available around campus twice a week). Users can also put on a cape and mask and tweet their photo with the hashtag #beacyberhero to enter a weekly giveaway. Prizes include selfie sticks and Mozy portable cell phone chargers. Follow FSU Cybersecurity to see the new awareness campaign.
• Fordham University
• Forsyth Technical Community College
• Fort Hays State University
• Fredonia (State University of New York): During the month of October, the Professional Development Center is hosting a series of events based on the 2015 weekly NCSAM themes. All events are open to the public.
• Frostburg State University
• George Washington University
• Georgia College and State University
• Hagerstown Community College
• Immaculate University
• Indiana University of Pennsylvania
• Ivy Tech Community College
• Johnson & Wales University
• Kennesaw State University
• Kent State University
• Lansing Community College
• Lee College
• Lehigh University
• Liberty University
• Lone Star College
  
• Louisiana State University
• Longwood University
• Loyola University Chicago
• Maricopa Community Colleges
• Marist College
• Marymount University
• McNeese State University
• Millersville University
• MIT: Offering free events throughout the month.
• Montgomery County Community College
• Mount Holyoke College
• Mt. Sierra College
• National Cybersecurity Institute at Excelsior College
• New Jersey City University
• North Carolina State University
• North Central College
• North Dakota State University
• Northeast Alabama Community College
• Northern Arizona University: NAU created a new video, The Lurker, a fun 30-second clip about locking your computer and protecting your data. The central IT Department will be sharing social media posts with weekly themes and hosting some presentations for student clubs and other campus departments.
• NWACC Network & Information Security Workshop (September 29 - October 1, 2015 in Portland, OR)
• Old Dominion University
• Ohio State University: Holding a Security Awareness and Training Day on campus. (October 15, 2015 in Columbus, OH)
  
• Our Lady of the Lake University
• Parker University
• Pepperdine University
• Pinellas Technical College
• Quinnipiac University
• Regis University
• Roanoke College
• Rochester Institute of Technology: Hosting the 2015 Rochester Security Summit. (October 6-7, 2015 in Rochester, NY)
• Roosevelt University
• Rose-Hulman Institute of Technology
• Rutgers 
• Ryerson University
• Sacred Heart University
• Salisbury University
• Saskatchewan Polytech
• Savannah College of Art and Design
• Seton Hill University
• South Texas College
• St. Edward's University
• St. Norbert College
• St. Olaf College (in collaboration with Carleton College): Employees are invited to an "InfoSec 101" course in Moodle with a mix of SANS Securing The Human and local content.
  
• Saint Louis University
• Stony Brook University
• Syracuse University
  
• Temple University
• Tennessee College of Applied Technology, Jacksboro
• Tennessee College of Applied Technology, Shelbyville
• Texas A&M University: Texas A&M Information Technology is hosting a large-scale security awareness campaign. This year's theme is Aggie LIFE. It is an online game that incorporates the themes from the Game of Life into an environment where students, faculty, and staff can learn about online security and identity protection. Participants will answer security-related questions for a free iced coffee and a chance to win an Apple Watch. Last year, TAMU had over 7,000 participants and they expect those numbers to grow with this new "Aggie" centric campaign. Previous campaigns include: http://fightback.tamu.edu/ and http://whatsyourstatus.tamu.edu/. Learn more about TAMU's awareness campaigns during the October 7 EDUCAUSE Live! webinar, "Creating a Culture of Cybersecurity and Safety on Your Campus and in Your Community."
• Texas A&M University, Kingsville
• Texas Social Media Research Institute at Tarleton University
• Union University
• United States Naval Academy: Educating users on various security awareness topics.
• University of Alabama in Huntsville: Hosting several awareness events including a fact of fiction game, password cracking challenge, and spot the phishing email game. The final event on October 20 will cover topics ranging from the history of the first cyber-espionage attacks to current trends in cybersecurity.
• University of Arizona
• University of Arkansas, Fort Smith
• University of Baltimore
• University of California, Santa Cruz
• University of Central Oklahoma
• University of Delaware: Hosting a security contest through November 15 for any faculty or staff member who has enrolled in two-factor authentication (2FA) for their campus account. The security team will also host tables at the IT Tech Fair on October 28 to demo tools like Identity Finder and 2FA. 
• University of Findlay
• University of Florida
• University of Guelph-Humber: Offering 6 modules of IT Security training on Safe Everyday Computing, Security Credential Management, Safe Data Management & Storage, Cloud Services, Governing Laws & Policies, and Incident Response.
• University of Hawaii: Events are being offered at several campuses, and there will be games to play.
• University of Illinois at Chicago
• University of Illinois at Springfield
• University of Maryland, Baltimore
  
• University of Maryland, Eastern Shore
• University of Miami: Hosting a Cybersecurity Conference on October 22 with keynotes Joe Sullivan (Uber CSO) and Pete Nicoletti (Hertz CISO).
• University of Michigan: Hosting the 11th annual Security at University of Michigan IT (SUMIT) Conference. (October 22, 2015 in Ann Arbor, MI)
• University of Minnesota Duluth
• University of Nebraska, Omaha
• University of Nevada, Las Vegas
• University of New Hampshire
• University of North Carolina at Chapel Hill
• University of North Carolina at Pembroke
• University of North Carolina at Wilmington
• University of Northern Colorado
• University of Pennsylvania
• University of Phoenix
• University of Pittsburgh
• University of Rochester: Hosting the 2015 Rochester Security Summit. (October 6-7, 2015 in Rochester, NY)
  
• University of San Diego
• University of Scranton
• University of South Carolina
  
• University of Tennessee Health Science Center
• University of Tennessee Knoxville
• University of Texas at Austin
• University of Texas Health Science Center at San Antonio
• University of Utah: The University Information Technology department will focus on a different topic each week in October, including university regulations and cloud storage. This local article describes their plans to reach students.
• University of Virginia: Hosting the 12th annual VASCAN Conference with the theme "They Will Get In. What Are We Doing About It?" on October 1-2, 2015 in Charlottesville, VA. UVA is also hosting a free event on campus October 20 with a speaker from FireEye.
• University of Washington: Offering online training courses and other activities throughout the month. 
• University of Wisconsin
• Utica College
• Valparaiso University: Hosting two events, including a Password Management workshop on October 6 and a Parenting in the Digital Age lunch & learn on October 15 (co-sponsored by IT and the Staff Employee Advocacy Council). Also sending weekly e-mails, posting daily on social media, distributing posters, and showing slides on the campus digital messaging screens. 
• Villanova University
• Vincennes University
• Virginia Tech
• Wellesley College
• Wentworth Institute of Technology
• Westchester University
• William and Mary: Focusing on phishing and password safety during the month of October.
• Williams College
• Xavier University
• York University

What is Cyber Security Awareness?

The Oxford English Dictionary defines awareness as "The quality or state of being aware; consciousness." Aware is defined as "Informed; cognizant; conscious; sensible."

The purpose of cyber security awareness presentations is simply to focus attention on cyber security. Awareness presentations are intended to allow individuals to recognize information technology security concerns and respond accordingly.

• The learner is the recipient of information
• The information reaches broad audiences
• Attractive packaging techniques are used

We can characterize a user's cyber security awareness level by describing it as the actions a user takes in a given security situation. Do they know about any policies governing that activity? Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?

Why is Cyber Security Awareness Important?

To protect the confidentiality, integrity, and availability of information in today's highly networked systems environment requires that all individuals:

• Understand their roles and responsibilities related to the organizational mission
• Understand the organization's information technology security policy, procedures, and practices
• Have at least adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible

Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can build in these reflexes both for the security professional and for the everyday user.

Critical Success Factors for Awareness Activities

• They are based on the organization's policies
• They have senior management support
• The focus is on people at all levels of the organization
• They are effectively planned:
  • Based on user's needs, roles, and interests
  • Identifies security problems in the organization that need addressing
• They use appealing materials and methods

Awareness programs usually use repetition to reinforce desired behaviors and attitudes about security.

What is National Cyber Security Awareness Month?

National Cyber Security Awareness Month is an annual effort to increase awareness and prevention of online security problems, spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA). The Higher Education Information Security Council (HEISC) promotes and participates in the annual campaign each October, joining forces with a range of organizations from the public and private sector to expand cybersecurity awareness on campuses across the country. The Higher Education Information Security Council is offering a range of programs and resources:

• NCSAM Resource Kit and NCSAM Sample Kit
• Information Security Awareness Video & Poster Contest for Students
• Cybersecurity Awareness Resource Library
• EDUCAUSE Security Awareness Resource Page

How Do We Plan for National Cyber Security Awareness Month?

The following NCSAM Planning Guide worksheet (PDF or Word) will help you to think about how your institution might go about implementing a plan to take advantage of National Cyber Security Awareness Month.

Indiana University offers a NCSAM Sample Kit with creative materials based on a 1950's horror theme, and outlines plans for their use that you can adapt to your institution's needs quickly. With a bit of a printing budget (or your own high quality printer) and some coordination, you can pick and choose which materials will best help you to increase your community's security awareness. Some of the materials are even provided in Spanish! These materials were created and used at Indiana University for National Cyber Security Awareness Month 2005. Indiana University grants permission for non-profit educational use, as long as the credit line and the copyright statement remain on the materials.

Cal Poly Pomona's 2007 presentation describes the development of their Cyber Security Fair in great detail. Tips for starting your own cyber security fair are offered on such topics as determining the target audience, structuring the event, developing a support network, selecting presentation topics & speakers, as well as the associated costs.

The winning posters and videos from previous Information Security Awareness Video & Poster Contests are available for use in campus security awareness campaigns during student orientation, National Cyber Security Awareness Month, Data Privacy Day, and throughout the year. Note: Videos are also available to view on the HEISC YouTube Channel. Posters can be found on the HEISC Facebook page or Pinterest page.

If your group or institution would be interested in a presentation from an information security or privacy expert, please see our Speakers Bureau. You could also use your LinkedIn connections to invite a local, regional, or national speaker to a campus event.

Note: Data Privacy Day occurs each year on January 28. Think about how you might use NCSAM resources to promote this international celebration on your campus, too.

Resources

• "Building an Information Technology Security Awareness and Training Program," National Institute of Standards and Technology Special Publication 800-50, Oct. 14, 2003
• "Developing Security Education and Awareness Programs" by Shirley Payne
• DHS Stop.Think.Connect. campaign and the Stop.Think.Connect. Resource Guide
• ICANN Security Awareness Resource Locator and Security Terminology blog
• Indiana University National Cyber Security Awareness Month Campaigns and Downloadable Material
• MS-ISAC (Multi-State Information Sharing and Analysis Center) 2015 National Cyber Security Awareness Month Toolkit
• NCSA Resources
• NCSAM Planning Guide worksheet (PDF or Word)
• OnGuard Online
• Presidential Proclamation: National Cybersecurity Awareness Month, 2015
• SANS Securing The Human NCSAM resources

State and Regional Efforts

• MS-ISAC list of State and Local Government Proclamations
• NASCIO's Cybersecurity Awareness Website

International Efforts

• Australia: Stay Smart Online is the Australian Government's online safety and security website.
• Canada: Get Cyber Safe is Canada's national public awareness campaign about cyber security and online safety.
• Europe: European Cyber Security Month is an EU advocacy campaign that takes place in October. 
• South Africa: The South African Cyber Security Academic Alliance includes academic research groups from several institutions.

Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).