Security Awareness Blog: Category - Security Awareness Planning

Webcast on Building Awareness Programs - For Europe

Folks, yesterday we did a live webcast for Europe on how to build, maintain and measure a high-impact a security awareness program. The webcast was based on the Securing The Human talks I do at SANS events, but with a focus on European challenges (such as privacy issues, translations, etc). I even attempt to pronounce … Continue reading Webcast on Building Awareness Programs - For Europe


Phishing Assessments - How Targeted Should It Be?

I'm a huge fan of phishing assessments, not only are they a great way to measure the impact of your program, but a powerful way to reinforce key behaviors. However as with any tool, you have to use it correctly. A common challenge with phishing assessments is how targeted should you make the emails? Make … Continue reading Phishing Assessments - How Targeted Should It Be?


The Bad Karma of Releasing Names

One of the most exciting areas for me in the world of security awareness is metrics, we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do but they address one of the most common human … Continue reading The Bad Karma of Releasing Names


New iPhone Addresses 2 of top 7 Human Risks

In February of this year we released some initial research highlighting what we believe to be the Top 7 Human Risks. By top human risks, we mean the human risks that are the most commonly shared amongst most organizations, this is where many security awareness programs should start. The new iPhone/iOS release by Apple addresses … Continue reading New iPhone Addresses 2 of top 7 Human Risks


Why Just One Year Just Isn't Enough

Sometimes I'm asked the question why should an organization continue to pursue their awareness training year after year. After all, once people are trained isn't that good enough? Unfortunately no, in so many ways. Think about it, if you kept your computers locked down and secure for just one year, could you stop securing them … Continue reading Why Just One Year Just Isn't Enough