Security Awareness Blog: Category - Security Awareness Planning

Time for Password Expiration to Die

Editor's Note: This is based on a post I did to the SANS GIAC maillist. I've been meaning to blog about password expirations and this was the kick in the butt I needed. This is also the perfect example of the saying - "amateurs mitigate risk, professionals manage risk." Per Thorsheim, Cormac Herley, I and …


Security Awareness - The Challenge of Middle Management

One of the best things I love about teaching SANS MGT433 around the world is I get to learn what are the most common challenges security awareness professionals face on a global level. A common challenge I'm seeing pop up in the last 6-12 months is middle management. A lot of you are reporting you are getting the …


Guest Blog - Nudging Towards Security - Part 4

Editor's Note: This is a part of a series of blog posts by Sahil Bansal from Genpact on the topic Nudging Towards Security. Making Security Personal Traditional Approach of Security Communications - Employees behave in a particular way because there is something that motivates them to do so. Traditionally, the information security teams of organizations …


RSAC Lab: Achieving and Measuring Success with the Security Awareness Maturity Model

Note: At RSA Conference 2017 I taught a two-hour lab on the Security Awareness Maturity Model. Specifically what the model is, how to leverage the model in establishing a mature awareness program and the ability to measure your program. This summary was written as a follow-up for the students who took the lab. Due …


Educause Top 10

Information Security Tops List of Higher Ed IT Issues In a recent poll conducted by the EDUCAUSE Higher Education Information Security Council (HEISC), information security emerged as the top issue in its yearly list of Top 10 IT Issues. …