Vigilize, located at www.twitter.com/vigilize, is our new Twitter presence, designed to help you with security awareness at five levels of your organization (board, management, user, technical, customer).
The purpose of Vigilize is to respond to ISOs’ complaints that users never read “ongoing security awareness reminders.” Our tweets are short, catchy phrases with links to more detailed explanations. For example: “Did YOU do it?” links to a detail page that discusses the reason users should not share passwords (and not write them down).
The tweets are designed to be copied into the subject line of your e-mail awareness reminder, with the language on the detail pages put into the body. The goal is that the user will have to read the subject line to know to delete the message, and if they understand the subject line the reminder is communicated. If not, they will go into the message and read the reminder.
We are also using Vigilize to tweet links to articles and sites we think will help in your overall awareness program at levels beyond the user level. For example, today’s tweets link to various predictions about technology in 2010. One links to an article about the newest technology, and another links to an article about the biggest threats in 2010. One links to the newest OWASP Top 10 Web Application Vulnerabilities (updated in 2010, thank goodness, for we use this as a framework for our Web Application Security Reviews).
The point is, not all awareness issues are for the “user-level.” Some may be for management, some for the board, some for your customers, and some for the technical staff.
Feel free to use Vigilize in your own Information Security Awareness Program. Also, please let us know HOW you are using Vigilize, and if you have any ideas, suggested tweets, or ways to improve this FREE service.
Thanks and Happy New Year,
Dan Hadaway, CISA, CISM