December 01, 2004 — CSO — COMMUNICATION STRATEGIES
When Kim Van Nostern, Allstate's CISO, wants to get the security message out, she organizes a fair.
Security Awareness Day, the brainchild of senior managers in information security with help from the entire infosec staff, began as a small affair in 2001. By 2003, that small affair had swelled to include 3,000 employees.
The event, which costs up to $50,000, is held at headquarters in Northbrook, Ill., and at two major field locations. Some sessions are viewed at other sites through videoconferencing. In 2004, Allstate used streaming video for the keynote speech so that employees could watch the presentation at their desktops.
Allstate employees visit booths created and staffed by information security employees. There's also a security theater and special sessions on hacking, cryptography, privacy, spam and other topics. The fair is held indoors in cafeterias, conference rooms and auditoriums.
The aim of the fair is to make employees aware of their security roles. For two years, Allstate's theme has been, "Think globally, act locally." Van Nostern says she wants workers to understand that hacker threats can originate from anywhere and to know that they have a "local" responsibility to follow basic security policies such as locking their workstations when they leave their desks, guarding customer information and not sharing passwords. The CEO and CTO attend, helping draw employee interest.
"We want employees to think about information security both from the large corporate perspective as well as their individual responsibility. The threats our company faces today can be of an international nature
Keynote speakers have included Roger Cressey, who served as chief of staff to the president's critical infrastructure protection board; Mark Doll, U.S. director of Ernst & Young Security practice and author of Defending the Digital Frontier: A Security Agenda; and Richard Purcell, a consultant and former Microsoft chief privacy officer.
"The fairs are hugely successful with our employee population," says Allstate CPO Joanne Derrig. "They are a fun way of bringing home an important message. I will never forget the 'What's wrong with this cubicle?' game. There were so many security and privacy violations; it was our version of Where's Waldo?"
The fairs also offer food for thought, Van Nostern says. "We gave out fortune cookies with security messages such as 'Misfortune may follow installation of outside software on your workstation.'"
Other stories by Kathleen Carr