Verizon recently released their 2014 PCI Compliance Report. As stated in the introduction: "This research is based on quantitative data gathered by our qualified security assessors (QSAs) while performing baseline assessments on PCI DSS 2.0 compliance between 2011 and 2013. The companies that we assessed span many industries and countries." One of the biggest findings? … Continue reading Verizon PCI Report - Nearly 70% of Data Breaches Started With the Human
I'm a huge fan of phishing assessments, not only are they a great way to measure the impact of your program, but a powerful way to reinforce key behaviors. However as with any tool, you have to use it correctly. A common challenge with phishing assessments is how targeted should you make the emails? Make … Continue reading Phishing Assessments - How Targeted Should It Be?
One of the most exciting areas for me in the world of security awareness is metrics, we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do but they address one of the most common human … Continue reading The Bad Karma of Releasing Names
Building, maintaining and measuring an engaging security awareness program that not only ensures you are compliant but also changes behavior and reduces risk is a tough challenge. SANS MGT433 is a two day course designed to teach you how to do just that, build an awareness program that makes a difference. The course is … Continue reading Security Awareness Officer Two Day Course - MGT433
A question we are commonly asked is how do we create our awareness content, what processes do we use? How can we ensure our content will have the greatest impact possible? Most awareness programs take a haphazard approach to content by randomly picking topics for their program, there is no analysis on what are the … Continue reading How We Create Content