Skip to main content

National Cyber Security Awareness Month

What is Cyber Security Awareness?

The Oxford English Dictionary defines awareness as "The quality or state of being aware; consciousness." Aware is defined as "Informed; cognizant; conscious; sensible."

The purpose of cyber security awareness presentations is simply to focus attention on cyber security. Awareness presentations are intended to allow individuals to recognize information technology security concerns and respond accordingly.

  1. The learner is the recipient of information
  2. The information reaches broad audiences
  3. Attractive packaging techniques are used

We can characterize a user's cyber security awareness level by describing it as the actions a user takes in a given security situation. Do they know about any policies governing that activity? Do they follow the policy? What happens when they are confronted by a new situation that is not addressed by the policy?

Why is Cyber Security Awareness Important?

To protect the confidentiality, integrity, and availability of information in today's highly networked systems environment requires that all individuals:

  1. Understand their roles and responsibilities related to the organizational mission.
  2. Understand the organization's information technology security policy, procedures, and practices.
  3. Have at least adequate knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible.

Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. Awareness activities can build in these reflexes both for the security professional and for the everyday user.

Critical Success Factors for Awareness Activities

  • They are based on the organization's policies
  • They have senior management support
  • The focus is on people at all levels of the organization
  • They are effectively planned:
    • Based on user's needs, roles, and interests
    • Identifies security problems in the organization that need addressing
  • They use appealing materials and methods

Awareness programs usually use repetition to reinforce desired behaviors and attitudes about security.

"Passwords Are History" Passphrase Campaign

The Information Security Offices hopes to educate the Sacramento State community about why choosing a complex and secure password is crucial to protecting their online identity, and how the use of passphrases does this, while providing access means that are easier to remember and easier to type.