At SANS Securing The Human, we recognize the important role National CyberSecurity Awareness Month (NCSAM) plays in bringing attention to the cybersecurity challenges faced by all organizations. NCSAM's activities not only help educate and inform people, but they also create a culture of sharing and helping others. Given our passion surrounding this subject, we are … Continue reading Resources to Make Your #NCSAM a Success
As we continue to grow and mature as a community, so to does our tools and resources. As such we have made some minor changes to the Security Awareness Maturity Model to better clarify what each stage is with more precise titles. The steps are the exact same to achieving each level. All we have … Continue reading Updates to Security Awareness Maturity Model
As you roll out your security awareness program, or deploy training to change specific behaviors, be prepared for not everyone changing their behaviors. Instead of becoming frustrated by failures or blaming employees, use this opportunity to learn and improve. Ask the individuals why they did not change their behavior. By using a Behavior Model such … Continue reading When Employees Don't Change Behavior - Ask Why
Traditionally in the field of security awareness, trainers have looked to the field of instructional design on how to develop their security awareness training. Models such as ADDIE provide a framework that build on how people think and learn. While such models are important, these may not be the only ones that apply to security … Continue reading Instructional Design vs. Behavior Design (Which is Better for Awareness)?
Recently I attended the Human Behavior Design course by Dr. BJ Fogg. One of my key take aways from the course is his Behavior Model and how it applies to security awareness training. By understanding this simple model (I highly recommend you take five minutes to check it out), you begin to understand why so … Continue reading Behavior Model - Helps Explain Why We Can Be So Bad at Awareness