Security Awareness Blog: Category - Security Awareness Metrics

How We Create Content

A question we are commonly asked is how we create our awareness content: what processes do we use? How can we ensure our content will have the greatest impact possible? Most awareness programs take a haphazard approach to content by randomly picking topics for their program; there is no analysis on what are the …


Stop Blaming People And Start Blaming Ourselves - Starting With Passwords

Okay, this one is for the security community. I'm amazed and stunned at how often our community arrogantly blames people for security risks, when it is only ourselves who are to blame. Let's pick on everyone's favorite flogging topic when it comes to people: passwords. You know, the topic where we blame users for being 'stupid' …


Top 3 Indicators of a Next Generation Awareness Program

Security awareness has gone through immense changes in the past two years. It has quickly grown from a compliance-driven, dreaded once-a-year event to an engaging solution focused on changing behaviors. Here are the top three indicators that a program is truly a 'next generation' awareness program. 1. Behavior: The biggest indicator is the …


The Top Seven Human Risks - Initial Findings

Some of you may be familiar with the Critical Security Controls, a consortium of the security community working to identify the top risks to organizations and the controls that mitigate them. One of the top controls (CC #9) identifies the human element. The challenge is that this control simply identifies awareness as important, not which human …


Remotely Attend Two Day Course on Building High-Impact Awareness Programs

Looking to build a new security awareness program that makes a difference? Want to pump up the volume on an existing program and go from just compliance-focused to changing behaviors and reducing risk? I'll be teaching the SANS two-day course MGT 433 "Building a High-Impact Security Awareness Program" on 8/9 March in Orlando, Florida. …