Security Awareness Blog: Category - Security Awareness Planning

Pedestrian Awareness in Chicago = Hacked Laptop in Crime Scene Tape

One of the things I like to do is keep my eyes open and learn from other awareness campaigns. In security we can often forget that we are not the only ones facing the challenge of educating others. From the CDC and their zombie apocalypse to the pink ribbons of National Breast Cancer month, there is a …


Two day class on building a high impact security awareness program - MGT 433

I'll be teaching MGT 433 this December 15-16 in Washington, DC as part of SANS CDI. If you or your organization is considering a security awareness program, or looking to improve an existing one, this intense two day course is for you. We are also teaching this as a simulcast, meaning you can virtually attend the …


Determining Your ROI for Your Security Awareness Program

One of the challenges we often discuss about security awareness programs is determining ROI: how do organizations determine how much money they are saving with their program or how much risk they are reducing? While presenting recently at the ISSA CISO Forum, we had a very interesting discussion at the end that got me thinking …


How to Tune the Human Sensor To Detect and Report Spear Phishing

One of the key benefits we have been discussing of a strong security awareness program is not just prevention, but detection and response. As humans, sooner or later we all make mistakes; sooner or later the most aware of us can be caught off guard and fall victim. As such, we also want to be …


First Key Metric for Any Security Awareness Program

Last week we discussed how healthcare has been more successful in changing behaviors and measuring that change than we in the security community. Not only has healthcare been working longer on changing behaviors (such as washing hands) but they have more robust metrics for measuring. For security awareness programs, where can we start? I'll be …