Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Ask Slashdot: How To Communicate Security Alerts?

MaudyGrunch Company-wide Malware Warnings (84 comments)

I had to create a warning protocol/process about 15 years ago but it might work for you. 1. We color coded the warnings kinda like the first DHS warnings ... colors are associated with threat levels. 2. When a threat or a vulnerability became a concern, we sent out global company emails to employees, contractors, and clients. The emails had a standard format, including color-coded stationary. 3. We created a short PDF for each threat/vuln that was sent as an attachment with the global email warning. This was done with guidance from an authority like SANS or the CERT at Carnegie Mellon. 4. That PDF contained an explanation of differences between threat and vuln (like the difference between Storm Watch and Storm Warning). 5. That PDF contained info about the particular threat/vuln, what the company was doing about it, and what personal steps the employees should take at work and at home. They were encouraged to give these PDFs to friends and family, so as to educate as many people as possible. This process was detailed in our Risk Assessment plan. which was in our larger Security Plan. I know not every company has these but, if you created the plan by piecemeal, you can eventually have enough material to put a full Security Plan together. Just remember to change up the warning levels. Don't always leave it at yellow or orange or you create user ambivalence, just like the reception the DHS warning system got from the general public.

about 3 months ago

Submissions

MaudyGrunch hasn't submitted any stories.

Journals

MaudyGrunch has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...