Sunday

Cyber Security Awareness Month 2007 (complete)



(Update 31/10/2007) Parts A-E (full set) are complete.

SANS is featuring a Cyber Security Awareness Month. I will use the overview and, for each day, update the index to link to the correct page.
They need your help beginning this weekend and continuing through the month of October. If you would like to submit a tip, please use the contact form and be sure to put something in the subject like "Security Tip, day 15" to make it easier to sort them. Keep your tips brief and to the point; also remember that the audience is the end user, not your sysadmins or netops geeks.

A. Establishing a User Awareness Training Program
1 Penetrating the "This Does Not Apply To Me" Attitude
2 Multimedia Tools, Online Training, and Useful Websites
3 Getting the Boss Involved
4 Enabling the Road Warrior
5 Social Engineering and Dumpster Diving Awareness
6 Developing and Distributing Infosec Policies

B. Best Practices
7 Host-based Firewalls and Filtering
8 Anti-Virus, Anti-Spyware, and Other Protective Software
9 Access Controls, Including Wireless, Modems, VPNs, and Physical Access
10 Authentication Mechanisms (Passwords, Tokens, Biometrics, Kerberos, NTLM, Radius)
11 File System Backups
12 Managing and Understanding Logs on the Desktop or Laptop (AV, Firewall, or System Logs)
13 Patching and Updates

C. Hardware/Software Lockdown
14 Data Encryption
15 Protecting Laptops
16 Protecting Portable Media like USB Keys, iPods, PDAs, and Mobile Phones
17 Windows XP/Vista Tips
18 Mac Tips
19 Linux Tips
20 Software Authenticity (Digital Signatures, MD5, etc.)

D. Safe Internet Use
21 Understanding Online Threats, Phishing, Fraud, Keystroke Loggers
22 Detecting and Avoiding Bots and Zombies
23 Using Browsers, SSL, Domain Names
24 Using Email, PGP, X509 Certs, Attachments
25 Using Instant Messaging and IRC
26 Safe File Swapping
27 Online Games and Virtual Worlds

E. Privacy and Protection of Intellectual Property
28 Cookies
29 Insider Threats
30 Blogging and Social Networking
31 Legal Awareness (Regulatory, Statutory, etc.)

When it comes to security awareness, users are still the greatest risk. McAfee Avert Labs also mentioned this yesterday.

Is it that hard to think twice?
Don’t users know enough about risks?
Don’t they know about the consequences of an outbreak?

What have we learned from history?


There are few companies in Belgium that give user awareness training. But I have the impression that a lot of companies consider it a waste of money. However, people are still the weakest security link. When will people start to care?
