October is Cyber Security Awareness Month and the Internet Storm Center is going to focus on one security awareness subject per day.  We plan to provide useful information for information security professionals who want to educate their users but do not have a ready set of awareness tips. 

We asked for your ideas and boy did you have some good ones. To all of our readers who sent in hundreds of ideas over the past two weeks, thanks very much!  It took a bit of work but I think we've got about 95% of the topic suggestions covered.  Below is the list of topics by week and day that we will use them in October.  As you'll see, the first week focuses on tips for getting the message out to your users.  Subsequent weeks focus on specific topics.

We need your help beginning this weekend and continuing through the month of October.  If you would like to submit a tip, please use our contact form and be sure to put something in the subject like "Security Tip, day 15" to make it easier for us to sort them.  Keep your tips brief and to the point, also remember that the audience is the end user, not your sysadmins or netops geeks.

1. Establishing a User Awareness Training Program
  1 Penetrating the "This Does Not Apply To Me" Attitude
  2 Multimedia Tools, Online Training, and Useful Websites
  3 Getting the Boss Involved
  4 Enabling the Road Warrior
  5 Social Engineering and Dumpster Diving Awareness
  6 Developing and Distributing Infosec Policies

2. Best Practices
  7 Host-based Firewalls and Filtering
  8 Anti-Virus, Anti-Spyware, and Other Protective Software
  9 Access Controls, Including Wireless, Modems, VPNs, and Physical Access
 10 Authentication Mechanisms (Passwords, Tokens, Biometrics, Kerberos, NTLM, Radius)
 11 File System Backups
 12 Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
 13 Patching and Updates

3. Hardware/Software Lockdown
 14 Data Encryption
 15 Protecting Laptops
 16 Protecting Portable Media like USB Keys, iPods, PDAs, and Mobile Phones
 17 Windows XP/Vista Tips
 18 Mac Tips
 19 Linux Tips
 20 Software Authenticity (Digital Signatures, MD5, etc.)

4. Safe Internet Use
 21 Understanding Online Threats, Phishing, Fraud, Keystroke Loggers
 22 Detecting and Avoiding Bots and Zombies
 23 Using Browsers, SSL, Domain Names
 24 Using Email, PGP, X509 Certs, Attachments
 25 Using Instant Messaging and IRC
 26 Safe File Swapping
 27 Online Games and Virtual Worlds

5. Privacy and Protection of Intellectual Property
 28 Cookies
 29 Insider Threats
 30 Blogging and Social Networking
 31 Legal Awareness (Regulatory, Statutory, etc.)

Marcus H. Sachs
Director, SANS Internet Storm Center