1 Internet Security Awareness Program in Georgia funded by ISOC Community Grants Programme Final Report July, 2011 Prepared by David Tabatadze Project Coordinator
2 Project Overview With the internet an everyday part of our lives for communication, shopping, banking and education the Security awareness has never been more important, as security threats become more complicated and we become more inter-connected. The main goal of this project was to make information and internet security awareness raising program/campaign in easy understandable native language for common Georgia Internet users, to focus common internet users attention on security, to allow individuals to recognize IT security concerns and respond accordingly. As the purpose of information security awareness is improving coordination of the need to protect information and systems and defining the users role in the process. Making computer system users aware of their security responsibilities and disseminating correct practices can help user s change past behaviors. Security Awareness stimulates and motivates to care about security and to remind them of important security practices, explaining what happens to their computers and valuable information if security fails, this motivates people to take security seriously. The scope of any security awareness campaign is to persuade computer users to listen and act on measures to avoid, deter, detect, and defend against information security threats. People must know that the information they posses, whether it's on a computer or in some other communication system, risks being lost, stolen, damaged, or corrupted; so, achieving a basic understanding of information security is a primary goal. People can not only learn about security issues but can learn to mitigate or remove a vulnerability or specific threat. As our project aim was to reach wider audience we created dedicated user awareness web portal in Georgian language where users will be able to find information and best practice about: How to protect computers and data (Usage of Antivirus, Antispyware, firewall ) Secure usage of Internet (Browsers, , Social Media ) Threats, risks and vulnerabilities. (Malware, Spyware, Riskware, Fraud ) Children online safety (Parent's Guide to Internet Safety ) E-Banking, E-Privacy, E-Trade (Online Banking, Shopping, etc) Computer security and vulnerability terminology Various security tools and tips Importance of Wireless security, Passwords, Backup, etc Links to security related web sites and materials Statistics, Legislation, Security announcements, newsletters, etc. Also one of the project aim was to attract other organizations and individuals to pay more attention on importance of security awareness programs to think to start their own and use already published useful materials.
3 Activities undertaken According agreement with web developer company, CMS (Content Management System) web site was created taking into consideration all necessary tools and then it took some time improving mistakes and adding some additional features to make web site as much as possible informative and easy to navigate and understand (www.isap.ge). After collecting, studying, analyzing, revising and approving the general contents, were translated in to Georgian language and revised one more time because of specific words and meanings. Then materials were uploaded to isap.ge web site. In best practice of security awareness campaigns we created informative Leaflet/ brochure. One side contained general tips about protecting information and computer security (use Anti-Virus, use Firewall, make regular updates, use strong passwords, safely use and internet) and another side presented Cartoons about safe use (First think than Click), about password strength, and about Botnet network ( is you computer part of botnet). We think that such kind flyer is attractive and have proven to be one of the most effective method as an awareness strategy for users to understand the seriousness of cyber threats and attract their attention. When the web site was done, most of important information uploaded and leaflet printed it was time to present Georgian internet security awareness project to wider audience. With kind help of Georgian Research and Educational Networking Association GRENA we organized ISAP project presentation and invited representatives and decision makers of different organizations (Universities, Internet Service and Hosting Providers, Governmental agencies and some other). Three presentation have been presented : 1. Prof. Ramaz Kvatadze GRENA - Executive director presented information about GRENA activities and had talk about importance of security nowadays. 2. David Tabatadze Project coordinator presented ISAP project and talked about importance of internet and information security, about current situation with cyber threats in Georgia and about information sharing and awareness raising in general and in different organizations. 3. Dr. Jacek Gajewski - ISOC Europe Chapter Development Manager made presentation about ISOC and it s activities in area of Internet security and also about Importance of CERTs(Computer Emergency Response Teams) and Internet Security Awareness. After project presentation there was questions and discussion how to make people, internet users, employees more security aware and what and how it can be done in terms of different organizations. We suggested as a first step to refer users to isap.ge web site which already contain a lot of important information and also suggested to make their own in-house awareness campaign using materials from isap website. Facebook page was done (facebook.com/isap.ge). As isap.ge web site have possibility of sharing information through facebook, awareness posters have been designed and uploaded, useful tips and some other information have been and is published trough facebook network also.
4 Photos from ISAP Project Presentation, June 22, 2011.
5 List of publications and presentations Presentation about Internet Security Awareness Project in Georgia was presented by David Tabatadze at the international Conference Georgian Cyber Security and ICT Innovation Conference 2010 which took place from the 10th to the 12th of November in Tbilisi, Georgia. Presentation about Internet Security Awareness Project in Georgia was presented by David Tabatadze at Project opening event. Interview was given to Georgian Information technology newspaper Navigator about ISAP project - Methods of disseminating the information to the wider Internet community News about ISAP project and web site launch placed on several news agency headlines after sending them press release. Interview was given to Georgian Broadcasting Company Rustavi 2 after project presentation - Data Exchange Agency which is part of Ministry of Justice of Georgia and monthly sends newsletters to Governmental and public organizations, published article about Internet Security Awareness program in Georgia in it s June newsletter. (attached) As there are more than registered Georgian users in Facebook, it gives much more possibility for project information dissemination, in addition to project web site facebook page provides information about project itself, news, awareness publications and posters, questionnaires, etc. During 1 months more than 1200 people visited this page. (facebook.com/isap.ge) Project Web site which provides lots of information starting June when project was presented it already has about 800 unique visitor and number is growing up. Printed informative leaflets have been given to chapter members for dissemination during ISOC Georgia chapter meeting and also to attendees of the project presentation. Also University representatives agreed to disseminate booklets for students and faculty staff. The Project team s evaluation on the impact of the Project in the community who was expected to benefit from the activities, including specific details and examples that verify the impact The project was a success because attracts more and more interest from society. As this was first time project in terms of internet and information security awareness in Georgia, we think that we made big progress by introducing such kind project for common Georgian internet users as we receive quite good feedback from them. As it was proposed in project Impact of the project will be cooperation with ISPs in development and implementation of procedures to be undertaken in case of cyber security incidents. After project was presented one of the biggest Georgian Internet
6 Service provider (Caucasus Online) agreed to refer/link their customers to our project web site when they detect that user have security related problems. Actually Service Providers are well-placed to provide their customers with information that will help them take simple steps to be more secure online and, of course, ISP s will significantly benefit from reducing infected users and number of incidents in their networks. We continue negotiation with other service providers and organizations to participate in dissemination through its customers and online resources. Participation of Governmental bodies Collaboration with Data Exchange Agency which is very interested in security awareness program for governmental agency employees will give possibility to implement new procedures using already published materials which will help computer users awareness. Participation of Educational institutions Several biggest Georgian Universities (Tbilisi State University, Georgian Technical University, Tbilisi State Medical University and Caucasus University) wants to start in-house awareness program using our project materials and also refer students and faculty members to project web site. We already provided printed informative awareness leaflets to some of them for dissemination through university. At the end our impression and feeling is that we showed and proved to different communities that there is big need in Security awareness programs and users training and it is ongoing process and should be done as a must. Ideas and suggestions on how the Project may be replicable and/or sustainable for continued community benefit The project could be replicated in other countries using the model and tools of the current project. We will be happy to share our experience and knowledge to interested individuals. We think to start cooperation with Financial institutions and Vendors to support this project in any possible way. Acknowledgements ISAP project members are grateful for the funding received under ISOC's community grants programme and additional in-kind support to develop and implement this project.