Sometimes I'm asked the question why should an organization continue to pursue their awareness training year after year. After all, once people are trained isn't that good enough? Unfortunately no, in so many ways. Think about it, if you kept your computers locked down and secure for just one year, could you stop securing them … Continue reading Why Just One Year Just Isn't Enough
In the past two weeks I've taught three different security seminars at three different organizations, each time for their security staff. A common trend I'm seeing and that continues to surprise me, and was confirmed at all three events, is that most employees still do not realize they are a target. I thought with all … Continue reading Who, Me?
A common challenge with awareness programs for large organizations is no one single awareness officer can effectively communicate to everyone. As a result, larger organizations will sometimes build an ambassador program, these are volunteers that help represent the security awareness team and share best practices, answer simple security questions and can be a conduit between … Continue reading Awareness Ambassador Programs - Pumping Up The Volume
One of the things I love about helping organizations with their awareness program is I'm constantly learning different approaches to changing culture. One of the key things I'm learning is, regardless of your approach if you do not have buy in and support of your internal communications team, your program is dead in the water. … Continue reading The Power of the Communications Officer
Editor's Note:This guest blog post is from Sandra Dunn from HP. Sandra will be leading a mentor led MGT433 course in Boise, Idaho in October. There is an interesting debate in the dark corners of Security Awareness nerdom regarding the benefits of Security Awareness Programs. The arguments go back and forth, "You can't trust your … Continue reading Ten Things to Think About For Your Security Awareness Program (Guest Blog)