Building, maintaining and measuring an engaging security awareness program that not only ensures you are compliant but also changes behavior and reduces risk is a tough challenge. SANS MGT433 is a two-day course designed to teach you how to do just that: build an awareness program that makes a difference. The course is … Continue reading Security Awareness Officer Two Day Course - MGT433
One of the challenges with awareness training is that no single set of training will address all of your organization's needs. While almost all employees share some common human risks (email, social media, passwords, etc.), there are specific roles that require additional or specialized training. One example is IT Staff, because of their privileged access they … Continue reading Awareness Training for Those Marketing Folks
A question I am commonly asked about Phishing Assessments is: do they desensitize employees? Do employees begin to treat phishing (both real attacks and simulated attacks) as a frivolous game, ultimately exposing the organization to more risk, not less? Based on my experience I would have to say a resounding no. To be honest, if … Continue reading Do Phishing Assessments Desensitize Employees?
The June edition of the OUCH! security awareness newsletter is out. This month we focus on URL Shorteners and QR Codes. While these technologies are not what I would consider a high-priority risk (compared to some of the other human risks we see), what makes these technologies unique is many people do not know … Continue reading June OUCH is Out
As many of you know, Verizon recently released their 2013 DBIR (Data Breach Investigations Report), which analyzes 621 known, documented breaches collected from 19 organizations. There is a huge wealth of information here, and if you have time, read it. You can download it from http://www.verizonenterprise.com/DBIR/2013/. There is a lot of humor injected, which makes … Continue reading DBIR Report - A Fascinating Human Perspective