Security Awareness
This chapter outlines advanced options for security training. It builds on previous publications (Weippl 2005, 2006) and expands them by including aspects of European-wide cooperation efforts in security awareness. Various examples will show what characterizes successful programs. The authors cooperate with ENISA (http://www. enisa.eu.int/) to create a new multi-language awareness training program that uses virtual environments to allow users to train on real systems without any danger. We describe the design and the proposed implementation of the system. In cooperation with the Austrian Computer Society (http://www.ocg.at) we lay the basis for an ECDLmodule on IT security awareness training. Companies are obliged to reasonably secure their IT systems and user awareness training is one of the most important and effective means of increasing security. If claims are filed against a company, it is in the interest of management to provide proof that all users completed IT security training. Moreover, advanced and experienced users need a training environment that lets them try complex scenarios in a safe environment.