Information Security Awareness, Training and Motivation — Native Intelligence, Inc.

Right Brain, Good Security Behavior Top Ten Lists

This is an interactive exercise in which participants brainstorm Top Ten lists that reflect good security behaviors.

This exercise can be done in person at training sessions, or on-line with responses provided by e-mail or Web form.

Ask participants to create items for a security behavior-related Top Ten List. Provide one or more of the following topics and examples to get them started.

Allow about 5 minutes for participants to prepare responses. Go over the results and recognize those with the first, best, publication-worthy, or most responses with praise or other rewards.

Choose, or have participants vote for, ten items to be published in your organization’s newsletter or security Web site.

Examples to Get Participants Started

Top Ten
Things to Say to a Stranger in Your Work Area

  • Hi, I’m John. Who are you?
  • Can you show me where the restroom is?
  • May I help you find something?
  • Excuse me, did you drop this thumb drive?
  • How did you get past the guards without your badge?
  • That’s odd. Our organization’s name is misspelled on your badge.
  • Is that a real convict ankle bracelet?

Follow with a discussion of how to handle unknown visitors. Be sure to include that if an employee is uncomfortable with challenging a visitor, he or she should move to a safe location and call security or a supervisor.

Top Ten
Places Not to Hide Your Password

  • On a whiteboard in your office
  • On the ceiling above your desk
  • On a sticky note under a bookshelf
  • Written in permanent marker on the light bulb of your desk lamp

Top Ten
Things Not to Put in an E-mail from Your Work Account

  • Ads for your home business
  • Threats
  • Anything written in anger, especially about your boss
  • Bad grammar and spelling
  • Pornography
  • Copyrighted material that you are not allowed to share

Top Ten
Responses to Requests from Unknown Callers Asking for Valuable Information

  • Sure, no problem. I just need to confirm your identity. What’s your supervisor’s name and phone number?
  • We don’t provide that information without a warrant.
  • Whoooops! There goes the fire alarm. What’s a phone number where I can call you back?
    (use sound file 25032 from Freesound — http://freesound.iua.upf.edu)
  • "I’d really like to help you out, but I don’t know you. If I give you this information without confirming that you are who you say you are, and if you’re not allowed to have it, well, good things won’t happen....  I could lose my job, and after the lawsuit, I might have a hard time finding another one. If that happened, I wouldn’t be able to pay the hospital bills for my three-year old who needs another operation. Not only that, but I wouldn’t be able to keep Mom enrolled over at the Daisy Hill Senior Day Care Center. It’s so difficult coping with Alzheimer’s disease, diabetes, dengue fever, and her heart condition. Also, with no income, we’d quickly run out of kitten food, and cranky felines can really be trouble. You know what I mean? No? well. Trust me, it ain’t pretty. What was that you wanted to know again?

To suggest a list topic or sample response you’d like to see here, please let us know. We will include your name and organization with any Top Ten responses we add to this page.