
Yateem Center 2nd Floor
PO Box 10606, Manama
Kingdom of Bahrain
EU, GCC, Asia
Tel: +973 17223550 Fax: +973 17225338
info@esgulf.com http://esgulf.com

Security Awareness
Solution Brief
End User Social Engineering Risk
“.. 70 percent of those asked said they would reveal their
computer passwords for a …
BAR OF CHOCOLAT... ”
Schrage, Michael. 2005 Survey

Security Awareness with Goals


Users are today's weakest link in security implementation. This is the highest source of
risk for most organizations dealing with sensitive information. The security awareness
program is one of the most effective tools to reduce or eliminate this corporate risk.
The goals of the Corporate Security Awareness Program are to:
1. Put information security and its importance into the forefront of your staff’s
mind.
2. Spread information security policy and awareness throughout corporate ranks.
3. Get management on the same page as the security department and the staff with
executive targeted components.
4. Build security awareness into the technical and development teams.
5. Think differently. Create a paradigm shift in the way staff views its business
process and how it should protect it.
Have Fun doing Security Awareness. Make Security Awareness fun for everyone. This
will get you significant ‘buy-in’ from the entire corporate target audience.

Security Logo

The security logo is a key part of the Security Awareness (SA)
Program. We develop the logo for the Information Security Department or
campaign, for use on all Security Awareness materials produced. We
also develop a Tag Line.

Security Awareness Intranet


We build a Security Awareness or Information Security Department Intranet site
containing:
1. Security policies, standards, procedures and guidelines
2. Alerts
3. Newsletters

©2007 E-Security Gulf Group WLL. All rights reserved.


4. Security events
5. Security HELP!
6. Personal and home security methods
7. Appropriate tools as per policy
8. Means of employee feedback
9. Games, as appropriate
10. Extensive links

Security Newsletter
Build and design a full security newsletter with:
1. Hard copy monthly newsletter
2. Hard copy special editions
3. Electronic “Word” newsletters
4. Electronic “push” E-Mail format.
5. Executive Review Newsletter
6. Others as necessary.

Produce informative and entertaining security awareness newsletters in various formats:


1. Hard copy monthly newsletter.
2. Electronic newsletters.
3. Electronic “push” short E-Mails
4. Executive Review Newsletter
5. Special Editions

Security Alerts
As security events warrant, we will forward you electronic Security Alerts and/or quick
security news updates. This will include CERTs such as SirCam, Code Red and other
significant events.

Security Books

As part of the awareness program we will supply copies of books written by Winn
Schwartau.

Annual Security Awareness Calendar


Design a Security Awareness Calendar. The calendar contents will include monthly art,
cover art, monthly key dates (to be decided) and room for personal statement, goals and
other security awareness information in the opening two pages. The calendar will contain
a recurring theme, such as “Who Ya Gonna Call?”, which will be part of the Incident Response
program and included on every calendar page in some form.

Posters
Design Security Awareness posters based on themes such as:
a. Your Top 10 of Security
b. “What’s wrong with this picture?”
c. “Who’s Knocking At Our Door?”

Secure Screen Savers


Develop security screen savers customized to deliver a security awareness message. Insight
screen savers are self-installing at the desktop, default to using logon passwords, and
have over 2000 wipe/fade options for the user.

On-Line Training, Awareness Portal


Intranet based Security Awareness Computer Based Training and Awareness Portal. The
CBT is for staff to use at their convenience, with testing and administrative management
part of the process. Each course is between 15 and 90 minutes in length.

Questionnaires and Surveys


Master questionnaires are used to evaluate the SA program:
1. Determine the level of security awareness.
2. Hard copy version for Security Awareness Days to be filled out by attendees
with their opinions and suggestions.
3. E-mail questionnaires to electronically distribute to employees for their opinions
on the program and suggestions for future SA program components.
4. Adaptations for Intranet

Security Awareness Days


Develop Security Awareness Days on various topics:
• Protecting Against Identity Theft
• Living Corporate Security Policy
• What Homeland Defense Means to You
• Live Hacking (Legal)
• Security 101/201 Basics, Etc….
• Meet the Feds: True CyberCrime
• Hackers Tell Their Side of the Story
• How To Make Your Home Computers and Networks Secure
• W2K/Win2003/Vista Security 101 and 201
• Terrorism in Today’s World

Executive Briefings Basics
We provide Executive Briefings designed for senior management, with the help of
special guest speakers. Approximate duration would be in the 30-45 minute range.

Gaming
Develop and run a series of games, like Jeopardy, which are a combination of trivia and
security knowledge. Teams of up to three each compete for prizes
provided by. They can be arranged alongside Security Awareness
Days. Examples include:
1. Computer Response Disaster Training
2. On line “Trivia Fever”
3. Jeopardy, Password Security, etc.
4. Scavenger Hunt for security information (from Intranet). We put together a list of, say, 50
security-related items to be found on the Internet. Staff has to come back with
specific information that can only be found in certain places. We need to create a
streamlined judging process.
5. Security Cryptoquotes (these can be added to the newsletter or put on the Intranet
site to encourage visiting it).
6. Word Search

Promotional and Disposables


You can distribute internal promotional items like Mouse Pads, Mugs, Pens etc. We will
coordinate with you to use the right messages and art to make the entire SA program
coherent. Disposables such as Pads, Napkins, Cups, and Post-It notes can be used to
deliver the security awareness message.

Optional Items
These are some additional optional items that you may want to consider once the SA
program gets put together and the process is streamlined.
1. Install a video server to load security relevant videos on the Intranet. We can
convert existing videos (with copyright holder’s approval) into digital format.
Also good if you videotape presentations. Consider available network
bandwidth.
2. Writing and producing a security awareness video or animation for use in video
and on-line training. Tends to be very expensive.
3. Develop an employee Security Awareness Handbook for use with new
employee indoctrination and Human Resources. Can range from the simple to
the complex. Would be done in hardcopy and electronic formats for multiple
uses.
4. Develop internal Forensics and investigations capabilities.
5. Develop CIRT/CERT Incident Response procedures.
6. Hacking and Anti-Hacking Training
7. Additional training seminars and special classes throughout the year on topics to
be decided, such as policy development, HR interviewing techniques with
security as a focus, in-depth technical training on various platforms, Forensics,
creating effective CIRTs and response mechanisms, emergency event
simulations, etc.
8. Social Engineering Penetration Testing and Security Evaluation (internal and
external).
9. Build materials for new employee security and awareness training. Details to be
discussed.

Contacting Us
Headquartered in Manama, Kingdom of Bahrain is both privately funded and co-owned
by its employees. Other office locations are Europe, GCC and Asia.

• Web: http://www.esgulf.com
• Email: info@esgulf.com
• Support: support@esgulf.com

eSgulf-Head Office
2nd Floor, Yateem Centre,
P O Box 10606,
Manama, Kingdom of Bahrain
+973-17223550 +973-17225338

eSgulf-Greece
19 Damaskinou Street Nea Smyrni
17123 Athens
Greece

eSgulf-Cyprus
PO Box 58115
3731 Limassol
Cyprus

eSgulf-Switzerland (Credal AG)


Baarer Strasse 141
CH 6302 ZUG
Switzerland

eSgulf-Saudi Arabia (Duroob Technologies)


Akaria, 4th Floor Suite 415
P O Box 18560,
Riyadh, 11432, Kingdom of Saudi Arabia

Pakistan
eSgulf/Instec Digital
904, Fortune Centre, 45A
Block 6, PECHS,
Karachi, Pakistan
