Editor's Note: This is a guest blog post from John Haren, Information Security Governance Specialist at Diageo with special responsibility for the Information Management & Security Awareness program globally. Below, John describes how he has put together a Champions Network (often called an Ambassador Program) for his organization. We are seeing this approach to awareness … Continue reading Creating a Security Champions Network
For years I've been struggling with how best to demonstrate the lack of investment in human controls versus technical controls. A big shout-out to James Lyne, who gave me this idea based on a presentation he did in London in November. In this graph you see over the past 15 years numerous steps Microsoft … Continue reading Windows vs Human Security - By The Years
I just finished reading John Kotter's amazing book Leading Change, a resource I absolutely recommend for anyone involved in the world of security awareness. John Kotter is one of the world's leading experts on culture change, with over 30 years' experience in this field, and a graduate of both Harvard and MIT. His book takes … Continue reading Book Review - John Kotter's "Leading Change"
One of the first steps in attempting to change culture is creating a sense of urgency. Without a strong sense of the need for change, especially at the senior level, it is difficult to change people's beliefs, attitudes and behaviors. The excellent book Leading Change by John Kotter does an outstanding job of explaining an … Continue reading American vs. European Reporting - Creating a Sense of Urgency
The November edition of OUCH! is out. This month we focus on the fundamental concepts of Social Engineering. Time and time again we have found ourselves referencing Social Engineering in past editions of OUCH!, so it was time to take a step back and explain exactly what Social Engineering is and how to detect … Continue reading OUCH! is out - Social Engineering