Security Awareness Blog: Category - Security Awareness Planning

The Tao of Security Awareness - Detection

Richard Bejtlich, CSO of Mandiant and a security professional I have admired for years, recently posted his thoughts on the value of security awareness. He and I agree on many points. The goal of awareness is to reduce risk, specifically human risk, and if done right it can be effective at it. Security awareness metrics … Continue reading The Tao of Security Awareness - Detection


Phishing Assessments - A Simple, Anonymous and Free Approach

Phishing assessments are a powerful way to not only measure the awareness of an organization, but to reinforce key learning objectives. Nothing is more powerful then when people click on a link and then get instant feedback they just fell victim to a test, and then learn more about what phishing is and how they … Continue reading Phishing Assessments - A Simple, Anonymous and Free Approach


Kicking Off Security Awareness Month With a Bang!

Folks, it is officially National Cyber Security Awareness Month (both in the States and in Europe) and we could not be more excited. To help you, your family and your co-workers the SANS Securing The Human team has released a series of great resources for you to use and share. 1.Securing Your Kids Online: This … Continue reading Kicking Off Security Awareness Month With a Bang!


NCSAM - Things To Do

As many of you know, October is National Cyber Security Awareness Month (NCSAM) and led by the folks at the National Cyber Security Alliance. I wanted to share with you many of the great things they are doing starting next week. They created pre-written social media status updates for every day in October. You can … Continue reading NCSAM - Things To Do


Getting Support for Security Awareness - Don't Start With Security

I just finished teaching SANS' two day class on building a high-impact security awareness program, where we had a fascinating discussion on gaining stakeholder support. A trend many of us are seeing is that the greatest support for security awareness programs does not come from security, but often from other departments totally un-related to security. … Continue reading Getting Support for Security Awareness - Don't Start With Security