Security Awareness Blog

Security Awareness Strategies - Saving Money With Time

In past posts I've talked about some of the strategic issues you need to consider when planning your awareness program, including building your Steering Committee, defining your security awareness goals, and documenting any awareness policies. Today we look at time limitations. People often forget this issue: how much time do you have to communicate your …


Justifying Your Awareness Program With Social Engineering Survey

Building a business case for your security awareness program is always a challenge. Budgets are tight and it can be difficult quantifying the human risk. You need every weapon possible, and this is why we have a Security Awareness Business Justification section on our free resources page. Checkpoint just published a social engineering survey that …


Ghost in the Wires - Social Engineering at its Finest

I just finished reading Kevin Mitnick's new book, Ghost in the Wires. This was an amazing read. If you are involved in information security in any way, I really recommend you (and your boss) read the book. This is not a technical manual on how to do social engineering; if you are looking for that I …


Phishing For Information With LinkedIn

Just got this LinkedIn request today (click on the image for a larger version). Gee, do you think this person may be phishing for information, perhaps attempting to harvest cyber intelligence? Note, if you look at his LinkedIn account he has two connections.


Leveraging The HumanOS For Detection

When dealing with the human issues of information security, I find myself more and more comparing people to operating systems. Computers store, process and transfer information; so too do people. We already have a variety of policies, processes, and procedures in place to secure operating systems, so why re-invent the wheel when we can re-use many …