Twice a year at Securing The Human we do a complete review of our security awareness training library. We start by reviewing all the topics and identifying whether we should add any new ones or remove any old ones. We then review the existing topics to see if any should be updated. We have just … Continue reading Top 9 Topics for Your Awareness Program
One of the target groups we are attempting to reach on cyber security is the engineers and operators who run critical infrastructure, such as those responsible for power generation, oil refineries, and water plants. This may not be as sexy as some other industries, but without it life as we know it would literally shut down. As such, … Continue reading Engage With a Story - Hacking a Utility
I just finished reading through the new draft of the NIST SP800-16 document titled "A Role-Based Model for Federal Information Technology/Cyber Security Training". If you have never heard of NIST, FISMA or the SP800 series of documents, you can probably stop reading now and save yourself some time. However, if you are involved in security … Continue reading Draft NIST SP800-16 (vs. SP800-50)
One of the great things about awareness training is that not only do staff become more aware and prevent incidents, but they also start reporting attacks; they become human sensors. Today I got just such an email from an employee reporting a phishing attack. The email was all about clicking … Continue reading Symantec, How Could You?
When it comes to securing the human, mobile devices are one of the top ten risks I'm seeing organizations most concerned about. It makes sense: mobile devices now have the same computing power (and risks) as your laptop. The only difference is that mobile devices are easier to lose or have stolen. However, risks with … Continue reading When Mobile Devices Control Every Aspect of Your Life