Security Awareness Blog: Author - lspitzner

*Sigh*, The Goal of Security is Good Enough

The security community is welltrained atselecting whichcontrols mitigate whichrisk. Unfortunately, that is only part of the equation, where we often fail is also determining the cost or impact of those controls. By impactI'm not just talking about the $$$ to purchase a solution, but the cost to maintain those controls, the impact due to lost … Continue reading *Sigh*, The Goal of Security is Good Enough


Time for Password Expiration to Die

Per Thorsheim, Microsoft's Dr. Cormac Herley, the UK's NCSC,the Chief Technologist at FTC,I and many others are working hard to kill password expiration. Password expiration is when an organizationrequires their staffto change their passwords every 60, 90 or XX number of days. Password expiration is also a great example of howsecurity professionals fail by simply … Continue reading Time for Password Expiration to Die


Security Awareness - The Challenge of Middle Management

Oneof the best things I love about teaching SANS MGT433 around the world is I get to learn what are the most common challenges security awareness professionalsface on a global level. A common challengeI'm seeing pop-up in the last 6-12 months is middle management. A lot of you are reporting you are getting the … Continue reading Security Awareness - The Challenge of Middle Management


Guest Blog - Nudging Towards Security - Part 4

Editor's Note: This is a part of a series of blog posts by Sahil Bansal from Genpact on the topic Nudging Towards Security. Making Security Personal Traditional Approach of Security Communications - Employees behave in a particular way because there is something that motivates them to do so. Traditionally, the information security teams of organizations … Continue reading Guest Blog - Nudging Towards Security - Part 4


RSAC Lab: Achieving and Measuring Success with the Security Awareness Maturity Model

Note: At RSA Conference 2017 I taught a two hour labon the Security Awareness Maturity Model. Specifically what the model is, how to leverage the model in establishing a mature awareness program and the ability to measure your program. This summary was written as a follow-up forthe students who took the lab. Due … Continue reading RSAC Lab: Achieving and Measuring Success with the Security Awareness Maturity Model