Akey requirement to amature security awareness program is identifying yourtop human risks and focuson just those risks. Far too often organizations randomly picktheir topics based on the latest attacks they see in the news or attempt to eliminate all human risk bycovering a myriad of topics. As a result, employees are bombarded with numerous, haphazard … Continue reading Managing Your Top Three Human Risks
One of themost common reasons we see organization's fail to establish a mature security awareness programis they fail to start witha plan. You can easily spotsuch anawareness program, theyrandomly pick the topics they communicate, they communicate only a fewtimes a year, they make little if any effort to understand and engage their audience, and … Continue reading The Security Awareness Planning Kit
Editor's Note: Cathy Click is the Project Manager/Event Coordinator for the Security Awareness program at FedEx. She is one of the speakers for the upcoming US Security Awareness Summit in San Francisco August 3/4. Below she discusses her talk on building a security awareness conference. How do you bridge the gap between having employees … Continue reading Building Your Own Awareness Events - At The #SecAwareSummit
space Editor's Note: Today's guest blog is published by Ted Gutierrez, CISSP, GICSP, and GCIH, is the ICS & NERC CIP Product Manager at the SANS Institute and co-author of SANS ICS456 - Essentials for NERC CIP. The July 1, 2016 enforcement date for what is commonly referred to as CIP Version 6 is right … Continue reading Is Your Organization Really Ready For NERC CIP Version 6?
space The June edition of the OUCH newsletter is out. For this month we decided to cover encryption. Far too often we the security community tell people to use encryption, but so many people do not know what encryption is or how to effectively use it. In this newsletter we explain in very simple terms … Continue reading OUCH is out - Encryption