Gerry Bayne: Increasing security awareness at colleges and universities is a top priority. Even if the technology controls are in place, there's still the human element to address. Increasing digital self defense is the goal of campus security awareness programs. But how do we get people to care about security awareness? We talked with some of today's top information security leaders, and they say it's about making it personal. Joshua Beemon, Chief Information Security Officer at the University of Pennsylvania, explains.
Joshua Beemon: That's the sort of, "What's in it for me?" I think that's a critical thing. You used the keyword of making it relevant. That's how we have learned to be successful. You've got to figure out what's the piece of this that they actually care about. Is it their research? Is it the reputation of the institution? Is there a monetary value? Is there a loss of grant funding? Is it a personal reason?
Gerry Bayne: Security awareness isn't just about protecting institutional data. It's in everyone's best interest says Ben Woelk, Information Security Office Program Manager at the Rochester Institute of Technology.
Ben Woelk: We've built our whole awareness program around this whole digital self defense. Protective yourselves and everybody else, so that people understand that what we are teaching them. Or giving them information about is important for them, and effective practices that they can do at home, as well as at work. I think making sure they understand it's important for them, and not just a university policy.
Gerry Bayne: Making security awareness personally relevant to students, faculty, and staff, is just one tip for delivering a successful security awareness program. Check out more tips at www.educause.edu/securityawareness.