Blog: SANS Securing The Human

American vs. European Reporting - Creating a Sense of Urgency

One of the first steps in attempting to change culture is creating a sense of urgency. Without a strong sense of the need for change, especially at the senior level, it is difficult to change people's beliefs, attitudes and behaviors. The excellent book Leading Change by John Kotter does an outstanding job of explaining an 8-step process to culture change, and step #1 is a sense of urgency. This is why in the United States I feel we are seeing an acceleration in security awareness and investment in information security due to all the breaches that have been publicized in the past 18 months. From Target and Home Depot to JP Morgan Chase and other financial institutions, there is a growing sense of urgency as organization after organization goes public about recent incidents. No one wants to be the next Target, and I'm hearing from students that senior management is investing in


Security Awareness Survey Update

Folks, as some of you know, in October for National Cyber Security Awareness Month we released the first-ever Security Awareness Survey for Security Awareness Officers. Over 200 people responded, which was an amazing number. We had hoped to release the results of the survey this week but have run into two challenges; to be honest, both are good problems to have.

  • We received far more information than we expected. We really want to be sure we take our time and digest/analyze this information correctly and present it in a useful and easy-to-use format for security awareness officers around the world.

  • Bob Rudis from the infamous Verizon DBIR team volunteered to help analyze this rich source of information. We wanted to give Bob time to work his magic.

So, while the survey results will be later than we hoped, we like to think they will be well worth the wait. Stay tuned :)


Poster from Ft. Meade Alliance on Need For Employee Cyber Training

The folks from the Ft. Meade Alliance have posted both an interesting blog post and an infographic on the Defense Department's approach to and need for employee cyber security training, and how that compares to the civilian world. Long story short, it looks like the military folks may be ahead of the game compared to the corporate world. You can find more about the blog post and their poster at


OUCH! is out - Social Engineering

The November edition of OUCH! is out. For this month we focus on the fundamental concepts of Social Engineering. Time and time again we have found ourselves referencing Social Engineering in past editions of OUCH, so it was time to take a step back and explain exactly what Social Engineering is and how to detect and stop it. Ultimately our goal is to reinforce the idea that people and not technology are the best defense. Please feel free to share OUCH with your family, friends and coworkers. As always, you can find OUCH! in over 25 languages and past archives at the OUCH home page -


Guest Blog Post: Health Wearables

Editor's Note: This is a guest Blog Post from Kelli Tarala. This is the first in a series of blog posts from her about wearable devices and healthcare.

Have you seen friends and coworkers wearing wrist bands with blinking lights and wondered what these bracelet-looking things are all about? They are part of the emerging trend in healthcare known as Mobile Health or "Mhealth."

These wearable devices can record fitness activities, as well as monitor sleep patterns, body temperature, and hydration levels. Common brands include the Nike® Fuel Band, FitBit®, Jawbone®, and the Microsoft® Band. These wearable devices are gaining in popularity: in a recent research project from summer 2014, PricewaterhouseCoopers' (PWC) health research initiative found that awareness of the staggering possibilities of these mobile health devices is rapidly growing.

While health wearables are still an emerging technology trend, 56% of survey