Joining the security month:
All research and development organizations interested in spreading a culture of information security among internet end users are invited to join the Security Month.
Why should my organization participate?
Joining the Security Month brings several benefits to your organization, including:
- Increase attendees' awareness of information security issues
- Amplify the perception of the risks and vulnerabilities we are exposed to on a daily basis
- Disseminate relevant information about information security
- Dispel some myths about information security concepts
What are the practical advantages of joining the Security Month?
- Stimulate good practices within your corporate environment and/or external audience, preventing material or intangible losses in your organization
- Associate your organizational image with a large international security campaign
- Be part of a network of organizations all over Brazil and Latin America promoting good practices on information security
- Implement campaigns and security policies within your organization, or start an organizational change in this direction
- Learn about the culture of information security and activities of other organizations, and start partnerships
Why must my institution enroll in the Security Month?
All organizations registering in the Security Month through the website will have their planned activities announced on a map showing additional progress reports.
Organizations may register until October 30th 2015 through the website. However, we ask you to register your organization as soon as possible, allowing more time to have your planned activities announced on the website.
Planning the activities:
The activities may be performed during the whole month of October. The scope of each activity depends essentially on its objective and the organizational resources available. Several activities may be performed during the Security Month. Each organization should define an initial schedule and evaluate the actual availability of resources: human resources, time and place.
How could my organization participate?
There are several activities that your organization may perform and report to the website during the Security Month. The following are some examples:
- Café Philosophique talks
- Whole afternoon talks
- A single talk
- Movies
- Internal talks to increase security awareness
- Webcasting of other events in the facilities of the organization
- Chat with security experts
- Interactive simulations
- Presentations of novel security schemes, new security standards or security policies
- Information security quiz
- Awareness activities with students
- Mini-course on Security
- Internal campaigns for adoption of strong passwords or other topics
- Debates on security topics
- Professor talks or special classes
- Round-table discussion of DISI's talks
- Round-table with experts
- Round-table with bloggers
- Exhibition of short videos about security to collaborators
- Online talks
- Internal competition on security topics
- Happy-hour or Lunch & Learn events
Which topics could my organization address?
The organizations may focus their activities on different topics of information security, from "Internet Security" to "Frauds". It all depends on the specific needs, priorities, confidentiality risks, integrity and availability of resources as defined by your organization.
The following is a list of recommended topics on information security that may be addressed:
- Cloud Security
- Cybercrime
- Internet Security
- Passwords
- Phishing
- Privacy
- Frauds
- Cyber-bullying
- Security in social networks
- Security in wireless networks
- Social engineering
- Cryptography
- Mobile device security
- Good practices on e-mail use
- Secure shopping
- Backup
- Online game security
- Home computer security
- Malicious Software
How to perform your activities?
The development of the topics may be approached by several methods, including:
- Analogies
- Real-life examples
- Simple and direct messages
- Interaction with the audience
- Memorable examples (e.g. using humor)
- Personal examples
In order to choose the right approach, you need to align it with the organizational culture and the target audience. The final form may be more or less formal depending on these considerations.
How can I promote the actions in my institution?
The actions can be promoted in several ways, from sending an e-mail to the list of students or collaborators and putting up posters on notice boards to posting a banner on the intranet or the institution's website. A range of support materials is offered in digital format. The institutions may use these materials to promote their actions. See more in Support Material.
Defining the target audience
Organizations must specify in the description of their planned activity if the audience is internal to the organization or if the event is open for external visitors.
Those organizations performing activities open to the public must be prepared to receive e-mail requests from persons interested in attending the event in their region. These people may contact you voluntarily when visiting the DISI website and reading about the activities in their cities.
How to engage the audience?
Lack of engagement is the main difficulty in creating a security campaign, even for a subject as important as information security. Although we know and experience its relevance daily, this subject may look boring and tedious to internet end users.
Here are some strategies you can try to overcome this resistance and engage your audience:
- To people within your organization:
Present a sound rationale and data on information security issues to directors and managers as a first step toward getting support for local activities. This can be followed by an investigation to learn the specific security threats within your organization, such as bad password definition practices, access to phishing websites and non-compliance with good practices.
Based on the results of the investigation, we recommend you create a campaign that targets the issues detected and provides best-practice solutions. Since this is an internal, local activity, the campaign may be more effective if it focuses on the specific issues of the organization. The information security professional can work with the organization's marketing or human resources department to increase the reach of the campaign among collaborators.
- To the external public:
Universities and CSIRTs (Computer Security Incident Response Teams) may be interested in performing activities for the external public. These activities should be focused on regional characteristics. Experts in the domain – for example, a professor who is a reference in the field – could teach courses or give talks to attract the public. The activities may also include the participation of the local community. In order to drive participation, you may distribute gifts, offer free cultural attractions and invite celebrities to some activities.
- To social network users:
Social networks should not be forgotten. Among many possible activities, the organization may encourage good security practices in the updates of its Twitter account or Facebook fan page, foster discussions under the hashtag #securitymonth, and create blogs on security awareness to reach the younger public. Influential social network experts may also help popularize good practices on information security.
Will the actions performed by my institution be promoted by CAIS/RNP?
The actions of the institutions participating in the Security Month will be promoted in several ways. Among them:
- Publication of logo, company name and description of the action on the website
- Publication of photos from the actions in the website gallery
- Publication of photos from the actions on the CAIS page on Facebook
- Interview published in the blog (randomly selected institutions)
It is important that the institution send the actions and photos to the organizing committee of the Security Month through the e-mail meseg@rnp.br.