Security Awareness Blog

National Cyber Security Awareness Month - #NCSAM

For those of you living in the United States, you may have noticed recent announcements about National Cyber Security Awareness Month. Sponsored by the Department of Homeland Security and the National Cyber Security Alliance, this is a month-long event that happens every October. The goal is to raise awareness ... well about awareness. I'll …


Security Awareness Strategies - Saving Money With Time

In past posts I've talked about some of the strategic issues you need to consider when planning your awareness program, including building your Steering Committee, defining your security awareness goals, and documenting any awareness policies. Today we look at time limitations. People often forget this issue: how much time do you have to communicate your …


Justifying Your Awareness Program With Social Engineering Survey

Building a business case for your security awareness program is always a challenge. Budgets are tight and it can be difficult quantifying the human risk. You need every weapon possible, and this is why we have a Security Awareness Business Justification section on our free resources page. Checkpoint just published a social engineering survey that …


Ghost in the Wires - Social Engineering at its Finest

I just finished reading Kevin Mitnick's new book, Ghost in the Wires. This was an amazing read. If you are involved in information security in any way, I really recommend you (and your boss) read the book. This is not a technical manual on how to do social engineering; if you are looking for that I …


Phishing For Information With LinkedIn

Just got this LinkedIn request today (click on the image for a larger version). Gee, do you think this person may be phishing for information, perhaps attempting to harvest cyber intelligence? Note, if you look at his LinkedIn account he has two connections.