A key step in protecting most operating systems is regularly patching and updating them. Some operating systems, such as Microsoft's, are updated on a monthly basis, on what is known as Patch Tuesday. However, every now and then a critical vulnerability is found, one that bad guys are actively exploiting. In these cases, organizations like Microsoft release what … Continue reading Out-of-Band OUCH! - Heartbleed, Why Do I Care
Editorial Note: This is a guest blog post from Paula Fetterman. We feel she came up with an amazing idea and asked her to share it here. In Feb 2014, I had the opportunity to attend the RSA Security Conference in San Francisco. While attending an early morning session (thank goodness for caffeine), I … Continue reading Guest Blog - Taking a Generational Approach to Security Awareness
Organizations around the world are beginning to address the human when securing their organization. The days of just compliance-focused training are gone; we also need to effectively change behavior. To achieve that, you need the right person in charge. Below is an attempt to describe what the job description of a security awareness officer … Continue reading Job Description for Security Awareness Officer
One of the target groups we are attempting to reach on cyber security is the engineers and operators who run critical infrastructure, such as those responsible for power generation, oil refineries, and water plants. This may not be as sexy as some other industries, but without it life as we know it would literally shut down. As such, … Continue reading Engage With a Story - Hacking a Utility
One of the great things about awareness training is that not only do staff become more aware and prevent incidents, but they also start reporting attacks; they become human sensors. Today I got just such an email from an employee reporting a phishing attack. The email was all about clicking … Continue reading Symantec, How Could You?