Security Awareness Blog: Category - Security Awareness Communications

Balancing Compliance vs Changing Behaviors in Awareness Programs

For several years now I've been banging my head on a common problem when it comes to security awareness programs: how do you keep the auditors happy while establishing an engaging program that changes behaviors? In many ways the two goals conflict. Auditors often want to see as much content as possible covered, usually details …


Why Bruce is Wrong on Getting Incentives Right

Bruce Schneier just published an interesting blog post on why he feels security awareness programs get incentives wrong. Instead of teaching people about risks, he suggests we should be firing people who get security wrong. He explains people understand the risks, just that people choose to ignore them. I disagree. There are some organizations that …


Grab Your Copy of "You Are A Target" Poster at RSA

Are you at the RSA security conference this week? If so, stop by the SANS booth (#2716) and grab your copy of the "You Are A Target" security awareness poster. I'll be at the booth most of the week; if you are involved in security awareness training I would love to learn about some …


Two New Awareness Posters - For Developers and Utilities

We released two new awareness posters for the community. Neither poster will solve world hunger, but they may be a handy reference for your organization. NERC CIP Mapping to Critical Security Controls: This poster identifies all the different NERC CIP Reliability Standards (versions 3, 4 and 5) and maps them against the Critical Security Controls. …


Awareness Newsletters, Posters, and Blog Posts - Lame?

A common misconception I run into with awareness materials is they cannot change behaviors. For example, posters. We released a new security awareness poster called "You Are A Target", which explains to Ordinary Computer Users why they are a target and identifies all the different ways criminals can make money off of you. This is …