An overview of international cyber-security awareness raising and educational initiatives Research report commissioned by the Australian Communications and Media Authority MAY 2011 communicating | facilitating | regulating Canberra Melbourne Sydney Purple Building Level 44 Level 15 Tower 1 Benjamin Offices Melbourne Central Tower Darling Park Chan Street 360 Elizabeth Street 201 Sussex Street Belconnen ACT Melbourne VIC Sydney NSW PO Box 78 PO Box 13112 PO Box Q500 Belconnen ACT 2616 Law Courts Queen Victoria Building Melbourne VIC 8010 Sydney NSW 1230 T +61 2 6219 5555 F +61 2 6219 5353 T +61 3 9963 6800 T +61 2 9334 7700 F +61 3 9963 6899 1800 226 667 TTY 03 9963 6948 F +61 2 9334 7799 © Commonwealth of Australia 2011 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth. Requests and enquiries concerning reproduction and rights should be addressed to the Manager, Editorial Services, Australian Communications and Media Authority, PO Box 13112 Law Courts, Melbourne Vic 8010. Published by the Australian Communications and Media Authority An Overview of International Cyber-Security Awareness Raising and Educational Initiatives Authors: Chris Connolly Alana Maurushat David Vaile Peter van Dijk Additional research: Stephanie Cuevas Melissa Wong 2011 A Galexia research report, with assistance from the Cyberspace Law and Policy Centre at the University of New South Wales – commissioned and funded by the Australian Communications and Media Authority (ACMA) www.galexia.com Cyberspace Law and Policy Centre An Overview of International Cyber-Security Awareness Raising and Educational Initiatives Contents 1. Executive Summary ............................................................................................................................ 5 1.1. Methodology ..................................................................................................................... 5 1.2. Key Findings – Component 1 – International initiatives .................................................. 5 1.3. Key Findings – Component 2 – Campaign evaluations .................................................... 6 1.4. Recommendations ............................................................................................................. 7 2. Component 1 – Comparative analysis of international initiatives .................................................. 8 2.1. Methodology ..................................................................................................................... 8 2.2. Campaign tools ................................................................................................................. 8 2.3. Host organisation ............................................................................................................. 9 2.4. Content ............................................................................................................................ 10 2.5. Target audience .............................................................................................................. 11 2.6. Costs ............................................................................................................................... 12 3. Component 2 – Evaluation of campaigns ....................................................................................... 13 3.1. Methodology ................................................................................................................... 13 3.2. Campaign Evaluations .................................................................................................... 13 A. F@milie en ligne: Sur internet, la securité ça commence aussi par vous (Family Online: Internet Security Begins With You) 14 B. An evaluation of the MakeITsecure campaign 15 C. An Analysis of Electronic Media to Prepare Children for Safe and Ethical Practices in Digital Environments 15 D. Implementing an Integrated National Cybersafety Programme for the Compulsory School Sector 16 E. A Perspective on Achieving Information Security Awareness 17 F. Evaluation of the Block Bullying Online Campaign 2009 17 G. Information Security Awareness: Local Government and Internet Service Providers 17 3.3. Challenges for Evaluation .............................................................................................. 18 3.4. Campaign tools – Inclusion of skills acquisition ............................................................ 19 3.5. Campaign tools – Inclusion of a reporting function ....................................................... 19 3.6. Campaign tools – The continuing power of television .................................................... 20 3.7. Target audience – Focussed campaigns ......................................................................... 20 3.8. Cost effectiveness ............................................................................................................ 20 3.9. ‘Work in progress’ evaluation, as part of the design process ......................................... 20 4. Recommendations ............................................................................................................................. 22 4.1. Evaluation ....................................................................................................................... 22 4.2. Criteria for effective campaigns ..................................................................................... 22 4.3. Coordination ................................................................................................................... 23 4.4. Further research ............................................................................................................. 23 5. Appendix 1 – International Campaigns .......................................................................................... 24 5.1. International campaigns ................................................................................................. 24 Campaign 1 – Cyber Criminals Most Wanted 24 Campaign 2 – EU Safer Internet Program 26 Campaign 3 – Safe and Secure Online 27 Campaign 4 – Anti-Phishing Working Group 28 Campaign 5 – Security Cartoon 29 5.2. Canada ............................................................................................................................ 30 Campaign 1 – Centre of Operations Linked to Telemarketing Fraud (COLT) 30 Campaign 2 – PhoneBusters: The Canadian Anti-Fraud Centre, and SeniorBusters 31 Campaign 3 – Fraud Awareness for Commercial Targets (FACT) 32 — 2 — An Overview of International Cyber-Security Awareness Raising and Educational Initiatives Campaign 4 – Fraud Prevention Forum 33 Campaign 5 – Fraud Squad TV 34 5.3. France ............................................................................................................................. 35 Campaign 1 – Surfez Intelligent – Les Indispensables (Surf Smart – The essentials) 35 Campaign 2 – Le Portail de la securite informatique (Computer Security Portal) 36 Campaign 3 – Netcity (bus with video games) 37 Campaign 4 – National Agency for Security of Information Systems 38 Campaign 5 – National Commission for Computer and Freedom 39 Campaign 6 – Internet Signalement 40 Campaign 7 – Signal Spam 40 Campaign 8 – f@mily en ligne (family online) 41 5.4. Germany ......................................................................................................................... 42 Campaign 1 – BSI (German Federal Office of Information Technology Security) 42 Campaign 2 – Klicksafe 43 Campaign 3 – polizei – beratung.de 44 Campaign 4 – Verbraucher – sicher – online 45 Campaign 5 – Internet surfers have rights (Federal Association of Consumer Rights) 46 Campaign 6 – Watch your web 47 5.5. Hong Kong ...................................................................................................................... 48 Campaign 1 – INFOSEC – Information Security is Everybody's Business 48 Campaign 2 – Hong Kong Clean PC Day – OGCIO, HK CERT and Hong Kong Police 50 5.6. Ireland ............................................................................................................................ 53 Campaign 1 – Research Information Technologies – Centre for Secure Information Technologies (CSIT) 53 Campaign 2 – Crime Prevention: Personal Safety 54 Campaign 3 – MakeITsecure 55 5.7. Japan .............................................................................................................................. 56 Campaign 1 – Secure Japan 2009: ‘All Entities Should Assume They May be Subject to Accidents’ – NISC (National Information Security Centre) 56 5.8. Korea .............................................................................................................................. 57 Campaign 1 – KISA 57 5.9. New Zealand ................................................................................................................... 58 Campaign 1 – NetSafe Netbasics 58 Campaign 2 – Hector’s World 59 Campaign 3 – NetSafe: Cyberbullying 60 Campaign 4 – NetSafe: In My Day 61 Campaign 5 – Schools & ECE 62 Campaign 6 – How to Prevent Identity Crime 63 Campaign 7 – Child Safety Online 64 Campaign 8 – CyberKidz 65 Campaign 9 – E-Government 66 5.10. Singapore ...................................................................................................................... 67 Campaign 1 – Go Safe Online (Cyber-Security Awareness Alliance) 67 Campaign 2