Richard Bejtlich, CSO of Mandiant and a security professional I have admired for years, recently posted his thoughts on the value of security awareness. He and I agree on many points. The goal of awareness is to reduce risk, specifically human risk, and if done right it can be effective at it. Security awareness metrics … Continue reading The Tao of Security Awareness - Detection
Phishing assessments are a powerful way to not only measure the awareness of an organization, but to reinforce key learning objectives. Nothing is more powerful than when people click on a link and then get instant feedback that they just fell victim to a test, and then learn more about what phishing is and how they … Continue reading Phishing Assessments - A Simple, Anonymous and Free Approach
Folks, it is officially National Cyber Security Awareness Month (both in the States and in Europe) and we could not be more excited. To help you, your family and your co-workers, the SANS Securing The Human team has released a series of great resources for you to use and share. 1. Securing Your Kids Online: This … Continue reading Kicking Off Security Awareness Month With a Bang!
As many of you know, October is National Cyber Security Awareness Month (NCSAM), led by the folks at the National Cyber Security Alliance. I wanted to share with you many of the great things they are doing starting next week. They created pre-written social media status updates for every day in October. You can … Continue reading NCSAM - Things To Do
I just finished teaching SANS' two-day class on building a high-impact security awareness program, where we had a fascinating discussion on gaining stakeholder support. A trend many of us are seeing is that the greatest support for security awareness programs does not come from security, but often from other departments totally unrelated to security. … Continue reading Getting Support for Security Awareness - Don't Start With Security