Security Awareness Blog: Category - Security Awareness Planning

Getting Security Awareness Involved with Incident Tracking

One of the advantages of working with SANS is I have an incredible wealth of experience and knowledge to tap into, SANS Instructors. These are some of the most trained and experienced security professionals in the world. As such I'm often picking the minds of these poor souls, seeing which ideas I can suck out … Continue reading Getting Security Awareness Involved with Incident Tracking


Pedestrian Awareness in Chicago = Hacked Laptop in Crime Scene Tape

One of the things I like to do is keep my eyes open and learn from other awareness campaigns. In security we can often forget that we are not the only ones facing the challenge of educating others. From theCDC and their zombie apocalypseto the pink ribbons of National Breast Cancer month, there is a … Continue reading Pedestrian Awareness in Chicago = Hacked Laptop in Crime Scene Tape


Two day class on building a high impact security awareness program - MGT 433

I'll be teaching MGT 433 this December 15-16 in Washington, DC as part of SANS CDI. If you or your organization is considering a security awareness program, or looking to improve an existing one, this intense two day course is for you. We are also teaching this as a simulcast, meaningyou can virtually attend the … Continue reading Two day class on building a high impact security awareness program - MGT 433


Determining Your ROI for Your Security Awareness Program

One of the challenges we often discuss about security awareness programs is determining ROI, how do organizations determine how much money they are saving with their program or how much risk they are reducing. While presenting recently at the ISSA CISO Forum, we had a very interesting discussion at the end that got me thinking … Continue reading Determining Your ROI for Your Security Awareness Program


How to Tune the Human Sensor To Detect and Report Spear Phishing

One of the key benefits we have been discussing of a strong security awareness program is not just prevention, but detection and response. As humans, soon or later we all make mistakes, sooner or later the most aware of us can be caught off guard and fall victim. As such, we also want to be … Continue reading How to Tune the Human Sensor To Detect and Report Spear Phishing