Blog: SANS Securing The Human: Author - lspitzner


Book Review - John Kotter's "Leading Change"

I just finished reading John Kotter's amazing book Leading Change, a resource I absolutely recommend for anyone involved in the world of security awareness. John Kotter is one of the world's leading experts on culture change, with over 30 years' experience in this field, and a graduate of both Harvard and MIT. His book takes you through a strategic eight-step process on how to create change in organizations, with the last step ultimately resulting in change of culture. Just like Cialdini's book Influence, what I loved about Kotter's book is that he brings real-world stories to every step. Some key things I took away from the book include:


...

American vs. European Reporting - Creating a Sense of Urgency

One of the first steps in attempting to change culture is creating a sense of urgency. Without a strong sense of a need for change, especially at the senior level, it is difficult to change people's beliefs, attitudes and behaviors. The excellent book Leading Change by John Kotter does an outstanding job of explaining an 8-step process to culture change, and step #1 is a sense of urgency. This is why in the United States I feel we are seeing an acceleration in security awareness and investment in information security due to all the breaches that have been publicized in the past 18 months. From Target and Home Depot to JP Morgan Chase and other financial institutions, there is a growing sense of urgency as organization after organization goes public about recent incidents. No one wants to be the next Target, and I'm hearing from students that senior management is investing in

...

Security Awareness Survey Update

Folks, as some of you know, in October for National Cyber Security Awareness Month we released the first-ever Security Awareness Survey for Security Awareness Officers. Over 200 people responded, which was an amazing number. We had hoped to release the results of the survey this week but have run into two challenges; to be honest, both are good problems to have.


  • We received far more information than we expected. We really want to be sure we take our time and digest/analyze this information correctly and present it in a useful and easy-to-use format for security awareness officers around the world.

  • Bob Rudis from the infamous Verizon DBIR team volunteered to help analyze this rich source of information. We wanted to give Bob time to work his magic.


So, while the survey results will be later than we hoped, we like to think they will be well worth the wait. Stay tuned :)

 

Poster from Ft. Meade Alliance on Need For Employee Cyber Training

The folks from the Ft. Meade Alliance have posted both an interesting blog post and infographic on the Defense Department's approach and need for employee cyber security training, and how that compares to the civilian world. Long story short, looks like the military folks may be ahead of the game compared to the corporate world. You can find more about the blog post and their poster at www.ftmeadealliance.org.

 

OUCH! is out - Social Engineering

The November edition of OUCH! is out. For this month we focus on the fundamental concepts of Social Engineering. Time and time again we have found ourselves referencing Social Engineering in past editions of OUCH, so it was time to take a step back and explain exactly what Social Engineering is and how to detect and stop it. Ultimately our goal is to reinforce the idea that people and not technology are the best defense. Please feel free to share OUCH with your family, friends and coworkers. As always, you can find OUCH! in over 25 languages and past archives at the OUCH home page - www.securingthehuman.org/ouch.