CISO Memo: Cyber Security Awareness Month 2011

David SherryWelcome back, once again, to National Cyber Security Awareness Month, October 2011. Some of you may be saying “What???”, while others may be saying “Again?????”  Either way, it is important for Brown to take part in this national event.

There are three reasons why we do this each year: 1.) to introduce (or remind) you to the Information Security Group (ISG), 2.) To raise the awareness level of security across the university (which reduces our risk), and 3.) To simply have some fun.

Having a healthy level of awareness as to the risks of computing helps in keeping the University secure.  The more you know about phishing, for example, the less chance that you will become a victim.  An increase in the knowledge of how computer viruses are spread reduces the number of compromised computers across campus.  And the more you are aware of identity theft, the less you will keep social security numbers on your hard drive.

I use a quote during some of my talks that summarizes the importance of awareness.  It points to the fact that if you have security-minded individuals, it increases your overall security posture.  When you are protecting something with several layers of security, but the people are not thinking securely, the possibility of data breaches grows.  That is why ISG participates in this event year after year.

We have several events, quizzes, and brown bags throughout the month, as well as messages through Morning Mail.  I hope that you take advantage of what we have to offer, and have some fun doing it as well.

As always, I welcome your comments and feedback.  Please feel free to reach out to me directly at, or the entire team at  Let me know how we are doing, areas of concern you may have, or questions on protecting your identity or personal computing security.  And remember, sec_rity is not complete without U!