One of the target groups we are attempting to reach on cyber security is the engineers and operators who run critical infrastructure, such as those responsible for power generation, oil refineries, and water plants. This may not be as sexy as some other industries, but without it life as we know it would literally shut down. As such, … Continue reading Engage With a Story - Hacking a Utility
I just finished reading through the new draft of the NIST SP800-16 document titled "A Role-Based Model for Federal Information Technology/Cyber Security Training". If you have never heard of NIST, FISMA or the SP800 series of documents, you can probably stop reading now and save yourself some time. However, if you are involved in security … Continue reading Draft NIST SP800-16 (vs. SP800-50)
One of the great things about awareness training is that not only do staff become more aware and prevent incidents, but they also start reporting attacks; they become human sensors. Today I got just such an email from an employee reporting a phishing attack. The email was all about clicking … Continue reading Symantec, How Could You?
When it comes to securing the human, mobile devices are one of the top ten risks I'm seeing organizations most concerned about. It makes sense: mobile devices now have the same computing power (and risks) as your laptop. The only difference is that mobile devices are easier to lose or have stolen. However, risks with … Continue reading When Mobile Devices Control Every Aspect of Your Life
A common misconception about security awareness is that creating content is simple. Just pick some random topics, communicate those random topics, and you are done. To be dead honest, that works for compliance. However, to effectively reduce human risk, you have to first identify the greatest human risks to your organization and focus on just … Continue reading The Challenge of Keeping It Short