Security Awareness Blog

Target: Healthcare Organization

Editor's Note: SANS & NH-ISAC have just released the whitepaper: The What, Where and How of Protecting Healthcare Data by authors James Tarala and Kelli K Tarala. Below is an excerpt, the full paper is available for download at: http://www.sans.org/u/3fO. A healthcare organization is responsible for protecting a patient's most private information; their medical record. … Continue reading Target: Healthcare Organization


Can't Patch Stupidity? Look in the Mirror

A theme I sometimes hear from people in the the security community is you can't patch stupid. That "End Users" are too dumb or ignorant to be secured. Wow, I can't think of a more unfounded, prejudice statement. First, "End Users" are people like you and me, so I suggest we start calling them that. … Continue reading Can't Patch Stupidity? Look in the Mirror


Securing the Software Development Lifecycle

Editor's Note: Today's post is from Eric Johnson. Eric is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. In this post Eric replies to a question about what SDLC is and where people can learn more. In a previous post, Beeker posted the comment, "What is … Continue reading Securing the Software Development Lifecycle


What Ideas do You Have to Secure Today's Kids?

Folks, I'm pumped to be part of something new at RSA this year, an event focusing on how the security community can best reach out to and help secure today's kids. I'll be part of a keynote panel with some absolutely amazing other folks to include Alicia Kozakiewicz (if you don't know who that is, … Continue reading What Ideas do You Have to Secure Today's Kids?


Motivating Staff to Join the Awareness Cause

Editors Note:Today's guest post is fromAngela Pappas. Angela helps lead the awareness program atThomson Reuters, a global organization with over 58,000 people. In this series of blogs Angela shares with us how she established their Security Ambassador Program. Since the inception of my role in 2012 as a part of the information security training and … Continue reading Motivating Staff to Join the Awareness Cause