Security Awareness Blog

Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped

Editor's Note: Today's guest blog is published by Ted Gutierrez, CISSP, GICSP, and GCIH, who is the ICS & NERC CIP Product Manager at the SANS Institute and co-author of SANS ICS456 - Essentials for NERC CIP. With the recent release of the E-ISAC and SANS ICS Defense Use Case (DUC) #5 which analyzed the cyber-attack that … Continue reading Ukrainian Grid Attack: How NERC CIP-like Measures Might Have Helped


ES-ISAC Changes Require Plan Updates

Guest Editor: This guest post is by the ever wise Ted Gutierrez, who is the ICS & NERC CIP Product Manager at the SANS Institute and co-author of SANS ICS456 - Essentials for NERC CIP. Did you hear about the NERC registered entity that got a PV for failing to update the Cyber Security Incident response plan … Continue reading ES-ISAC Changes Require Plan Updates


The Top Challenges Facing Security Awareness Programs

Responses from the 2016 Security Awareness Report outline the key challenges facing security awareness professionals. Continue reading The Top Challenges Facing Security Awareness Programs


Defining the Security Awareness Maturity Model

Last week we introduced the Security Awareness Maturity Model. Established in 2011, this maturity model enables organizations to identify where their security awareness program currently is, where a qualified leader can take it, and the path to get there. Below we describe each stage of the maturity model. As you go through each … Continue reading Defining the Security Awareness Maturity Model


OUCH is out - What is Malware?

We are excited to announce the March issue of OUCH! This month, led by Guest Editor Lenny Zeltser, we focus on malware. Specifically, what malware is and the key steps you can take to protect yourself against it (hint: it's not just anti-virus software). We picked this topic as malware is such a common and … Continue reading OUCH is out - What is Malware?