Security Awareness Blog: Category - Security Awareness Communications

Security Awareness 2.0 - Awareness Has Come a LONG Way

One of the biggest challenges security awareness faces is one of perception, many people in the security community have the misconception that awareness does not work. That is because they are basing their judgements on the past. Security awareness has traditionally been horribly broken, it had nothing to do with changing behaviors or even people, … Continue reading Security Awareness 2.0 - Awareness Has Come a LONG Way


New Hire / New Hardware - An Engaging Awareness Touchpoint

A common challenge for an effective security awareness program is continuously reaching out to employees/staff in a fun and engaging manner. Training people once a year may keep auditors happy but will not change behavior. As such, you always want to be thinking of different ways you can reach out to people. The new hire … Continue reading New Hire / New Hardware - An Engaging Awareness Touchpoint


OUCH! is OUT - Social Networking Safely

The March edition of the OUCH! security awareness newsletter is out. This month we focus on Social Networking Safely. In addition, we know and understand security awareness is a global challenge so OUCH! is translated into over 15 languages. Download and share with your family, friends and co-workers. For organizations you are encouraged to use … Continue reading OUCH! is OUT - Social Networking Safely


Balancing Compliance vs Changing Behaviors in Awareness Programs

For several years now I've been banging my head on a common problem when it comes to security awareness programs, how do you keep the auditors happy while establishing an engaging program that changes behaviors? In many ways the two goals conflict. Auditors often want to see as much content as possible covered, usually details … Continue reading Balancing Compliance vs Changing Behaviors in Awareness Programs


Why Bruce is Wrong on Getting Incentives Right

Bruce Schneier just published an interesting blog post on why he feels security awareness programs get incentives wrong. Instead of teaching people about risks, he suggests we should be firing people who get security wrong. He explains people understand the risks, just that people choose to ignore them. I disagree. There are some organizations that … Continue reading Why Bruce is Wrong on Getting Incentives Right