Blog: SANS Securing The Human: Author - lspitzner

Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program, we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you step by step through how to implement an effective phishing program that your employees will actually like. In addition, we include lessons learned such as how often you should send your phishing emails, who to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom. Get all


Guest Post - Awareness Through Gamification - #SecAwareSummit

Editor's Note: This is a guest blog post from Jonathan Homer, a member of the Idaho National Laboratory Cyber Security Division who runs their SecAware team. Below is a description of his upcoming talk on "Awareness Through Gamification" at the Security Awareness Summit 10 Sep in Dallas.

When developing training materials we strive to create clear, concise communications based on logic and simplicity. We put tremendous effort into creating training which is understood and retained. And yet time and time again, attendees sleep through training classes and violate principles taught the same day.

In contrast, Hollywood focuses on entertainment, a model where we pay money to sit in uncomfortable seats in a dark room eating stale, overpriced popcorn. And yet we memorize famous lines, talk about the experience for weeks to come, and, most important for this


Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest blog post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the


#SecAwareSummit - Venue Confirmed and "Show-n-Tell" Session Added

We have two exciting new updates I wanted to share for the upcoming Security Awareness Summit (#SecAwareSummit) to be held 10 Sep in Dallas. First, the venue has now been confirmed: we will be holding the event at the Marriott. The reason for the delay was that we wanted to be sure we had the best location possible. What we liked about this location was not only its size but, more importantly, that its design enables maximum interaction between attendees. We know that at events like this you can learn just as much from your peers as from the speakers, if not more. So we are doing everything we can to both enable and encourage interaction with other security awareness


New Video of the Month - HIPAA / HITECH

Every other month we post a new security awareness video for the community. For July we posted a new video that covers the world of HealthCare. Specifically, it explains what HIPAA, HITECH and PHI are, and why they apply to HealthCare. If your organization handles PHI, this is a great way to introduce your staff to the how and why of protecting PHI. More at our video of the month site.