Security Awareness Blog: Category - Security Awareness Metrics

The Security Awareness Planning Kit - Updated

Folks, we have lots of new and exciting updates for the Security Awareness Planning Kit which I wanted to make you aware of. First, just a reminder about this free resource. To build, maintain and measure an awareness program that makes a difference, you need to plan and coordinate. For planning you have to answer …


Don't Get Hooked - Email Image

Last December we released a new security awareness poster - "Don't Get Hooked". This poster explains what phishing and spear phishing are and then shows an example email with numerous phishing indicators pointed out. Anyone is welcome to download, print and distribute as many copies of this poster as they like. In addition, we are …


Verizon DBIR - Great Action Items for Awareness Programs

I finished reviewing the new Verizon DBIR (Data Breach Investigations Report). I think this is their best yet. If you are unfamiliar with this report, it's the most comprehensive analysis of what the bad guys are doing each year. This year's analysis is based on data from 95 countries, 1,367 confirmed breaches and 63,437 incidents. …


Idea for Human Metrics - Tracking Updates

It's always challenging to find a good security awareness metric. By good, I mean not only does the metric need to measure a human behavior that I care about, but the metric is easy and low cost to repeatedly measure. So I'm always excited when I find what I feel is a good security awareness …


Getting Support and Approval for Phishing Assessments

During my human metrics talk at RSA last month, a common question was how to get support for an internal phishing program. Phishing assessments are a powerful metric: not only do they measure a high human risk, but they are repeatable, quantifiable, actionable and low cost. This is why phishing has become one of the …