Establishing a security awareness program that ensures your organization is both compliant and reduces risk is difficult. Many organizations do not even know where to start. To help you we have put together a planning package. This package is made up of the following. PACKAGE: First is thePlanning & Deployment Package itself. This package contains … Continue reading Webcast & Deployment Package for High-Impact Awareness Programs
I'm noticing a trend in awareness training, one I wanted to share and see if others are seeing the same thing. In general there are two ways to deliver training, what I call Scheduled or On Demand. Scheduled is what you think of for traditional training. A certain time and/or place is set and people … Continue reading Security Awareness Training - Scheduled or On Demand?
One of the great things about the annual RSA conference is meeting people smarter then you. Simple, informal conversations or structured presentations are a tremendous way to learn and come up with new ideas. The other night I had a chance to have dinner with Andy Jaquith, author of Security Metrics, often considered the bible … Continue reading Security Awareness Metric - What is Your Prevention / Detection Ratio?
I've posted several times about the tremendous value of an active phishing assessment program. Not only does it result in effective behavior change, but based on my experience phishing assessments are positive and a highly engaging way to reach people. In may ways it becomes a challenge of who can 'spot the phish' first, gamifying … Continue reading Tuning the Human Sensor with Phishing Attacks
Continuing our top three trend I wanted to share the top three reasons I see awareness programs fail. By fail I mean they do not have an impact. If compliance is your only goal, this is much simpler to achieve. Having an impact through behavior change is a far greater challenge. 1. No Plan: This … Continue reading Top 3 Reasons Security Awareness Training Fails