Security Awareness Blog

New Hire / New Hardware - An Engaging Awareness Touchpoint

A common challenge for an effective security awareness program is continuously reaching out to employees/staff in a fun and engaging manner. Training people once a year may keep auditors happy but will not change behavior. As such, you always want to be thinking of different ways you can reach out to people. The new hire … Continue reading New Hire / New Hardware - An Engaging Awareness Touchpoint


OUCH! is OUT - Social Networking Safely

The March edition of the OUCH! security awareness newsletter is out. This month we focus on Social Networking Safely. In addition, we know and understand security awareness is a global challenge so OUCH! is translated into over 15 languages. Download and share with your family, friends and co-workers. For organizations you are encouraged to use … Continue reading OUCH! is OUT - Social Networking Safely


Balancing Compliance vs Changing Behaviors in Awareness Programs

For several years now I've been banging my head on a common problem when it comes to security awareness programs, how do you keep the auditors happy while establishing an engaging program that changes behaviors? In many ways the two goals conflict. Auditors often want to see as much content as possible covered, usually details … Continue reading Balancing Compliance vs Changing Behaviors in Awareness Programs


Why Bruce is Wrong on Getting Incentives Right

Bruce Schneier just published an interesting blog post on why he feels security awareness programs get incentives wrong. Instead of teaching people about risks, he suggests we should be firing people who get security wrong. He explains people understand the risks, just that people choose to ignore them. I disagree. There are some organizations that … Continue reading Why Bruce is Wrong on Getting Incentives Right


Grab Your Copy of "You Are A Target" Poster at RSA

Are you at the RSA security conference this week? If so, stop by the SANS booth (#2716) and grab your copy of the "You Are A Target" security awareness poster. I'll be at the booth most of the week, if you are involved in security awareness training I would love to learn about some … Continue reading Grab Your Copy of "You Are A Target" Poster at RSA