Security Awareness Blog: Category - Security Awareness Planning

Verizon DBIR - Great Action Items for Awareness Programs

I finished reviewing the new Verizon DBIR (Data Breach Investigations Report). I think this is their best yet. If you are unfamiliar with this report, its the most comprehensive analysis of what the bad guys are doing each year. This years analysis is based on data from 95 countries, 1,367 confirmed breaches and 63,437 incidents. … Continue reading Verizon DBIR - Great Action Items for Awareness Programs


Out-of-Band OUCH! - Heartbleed, Why Do I Care

A key step to protecting most operating systems is regularly patching and updating them. Some operating systems, such as Microsoft, are updated on a monthly basis, known as Patch Tuesday. However, every now and then a critical vulnerability is found, one that bad guys are actively exploiting. In these cases organizations like Microsoft release what … Continue reading Out-of-Band OUCH! - Heartbleed, Why Do I Care


Guest Blog - Taking a Generational Approach to Security Awareness

Editorial Note: This is a guest blog post from Paula Fetterman . We feel she came up with an amazing idea and asked her to share it here. In Feb 2014, I had the opportunity to attend the RSA Security Conference in San Francisco. While attending an early morning session (thank goodness for caffeine), I … Continue reading Guest Blog - Taking a Generational Approach to Security Awareness


Idea for Human Metrics - Tracking Updates

Its always challenging to find a good security awareness metric. By good, I mean not only does the metric need to measure a human behavior that I care about, but the metric is easy and low cost to repeatedly measure. So I'm always excited when I find what I feel is a good security awareness … Continue reading Idea for Human Metrics - Tracking Updates


Trick for Rewarding Good Behavior

Just finished up SANS MGT433 class this week at SANS 2014 in Orlando. One of the things I love most about teaching is I always learn something new. One of the students had a great idea for rewarding. In general you want to avoid providing purely monetary awards for good behavior, you quickly run out … Continue reading Trick for Rewarding Good Behavior