Security Awareness Blog

OUCH! is OUT - Social Networking Safely

The March edition of the OUCH! security awareness newsletter is out. This month we focus on Social Networking Safely. In addition, we know and understand security awareness is a global challenge so OUCH! is translated into over 15 languages. Download and share with your family, friends and co-workers. For organizations you are encouraged to use …


Balancing Compliance vs Changing Behaviors in Awareness Programs

For several years now I've been banging my head on a common problem when it comes to security awareness programs: how do you keep the auditors happy while establishing an engaging program that changes behaviors? In many ways the two goals conflict. Auditors often want to see as much content as possible covered, usually details …


Why Bruce is Wrong on Getting Incentives Right

Bruce Schneier just published an interesting blog post on why he feels security awareness programs get incentives wrong. Instead of teaching people about risks, he suggests we should be firing people who get security wrong. He explains people understand the risks, just that people choose to ignore them. I disagree. There are some organizations that …


Grab Your Copy of "You Are A Target" Poster at RSA

Are you at the RSA security conference this week? If so, stop by the SANS booth (#2716) and grab your copy of the "You Are A Target" security awareness poster. I'll be at the booth most of the week. If you are involved in security awareness training I would love to learn about some …


The Top Seven Human Risks - Initial Findings

Some of you may be familiar with the Critical Security Controls, a consortium of the security community working to identify the top risks to organizations and the controls that mitigate them. One of the top controls (CC #9) identifies the human element. The challenge is this control simply identifies awareness as important, not which human …