I won’t go into these in detail here, but they are really useful when writing objectives. This is broadly what we found:
- a lot of information security is about doing things that we already know we should do – but don’t (attitude)
- we’re often complacent about the information we handle (awareness/attitude)
- some of the actions are quite work specific (knowledge).
These fit nicely with what we are doing at WhatYouNeedToKnow. The video shows some of the areas of information security, but uses these to show what could happen if your information got out. It doesn’t shock but hopefully makes you think. For example, the ‘squidgy’ memorable name (1:58 min). So like the drink driving campaign, trying to raise awareness of what could happen, and therefore change behaviours.
There are procedures that will be work specific and these fit in with our idea of using a video+, for example, video + PDF. So, procedures and practices which are specific to your organisation could be put in a simple PDF. Perhaps your password requirements e.g. a mixture of capitals, lower case letters, numbers and so on. Maybe staff are forced to change their passwords every month. All this would be easy to convey in a short PDF.
There are also some great resources which would be expensive to recreate in a piece of elearning – especially when they are already freely available. I like this one. You enter a password and it tells you how long it would take a desktop PC to crack it. There are others, but I found myself playing with it and making up passwords and testing out the ones I use – it’s worth a try.
So in brief, for us the WhatYouNeedToKnow is mostly about attitude, we cover some information security points that will apply to most, if not all. We try and show that the attitude of being more cautious is as applicable, and important, to our personal lives as it is when we’re at work. And lastly, we hope it’s easy to watch. You can get the Youtube embed code here.