Security Awareness Blog: Category - Security Awareness Communications

Security Awareness Roadmap - DRAFT

Several weeks ago I posted about the the Security Awareness Maturity Model. This consensus project was driven by a need for organizations to be able to easily identify how mature their awareness program was, and where they needed to take it. Over twenty organizations help develop the maturity model. Now we have taken the … Continue reading Security Awareness Roadmap - DRAFT


Security Awareness Sticker Challenge - Results

Folks, two weeks ago we announced our Security Awareness Sticker contest. We challenged you, the community, to see who could come up with the most creative and engaging Security Awareness stickers. Today we are excited to announce the results. Twelve people submitted almost 40 great ideas, so it was very tough selecting the winners. However … Continue reading Security Awareness Sticker Challenge - Results


Security Awareness Sticker Contest

Stickers can be a fun, creative and cost effective way to reinforce key security awareness learning objectives. As I have mentioned in the past, one of my favorite is Facebook's Darth Vader sticker. To help promote the idea of security awareness stickers we are kicking off the "Security Awareness Sticker Challenge". We are challenging you, … Continue reading Security Awareness Sticker Contest


Security Awareness Maturity Model

One of the biggest challenges I feel we face in security awareness is its lack of maturity. Many fields within information security have developed and matured over the years with entire frameworks built around them, fields such as penetration testing, system hardening, secure software development and digital forensics. However we have no framework or maturity … Continue reading Security Awareness Maturity Model


Engaging People Within Real World Limitations

A common challenge I'm seeing organizations have, both small and large, is how to engage people in their security awareness program. Some common limitations I'm seeing include ... Security awareness training is not required. To be honest I was surprised by this. Even large organizations that have a low risk tolerance often did not have … Continue reading Engaging People Within Real World Limitations