Blog: SANS Securing The Human: Category - Events

Blog: SANS Securing The Human:

Show-n-Tell and Sharing at the #SecAwareSummit

Folks, as we gear up for the upcoming Security Awareness Summit in Dallas TX on 10 Sep, I wanted to share with you on how you can prepare for the event to make the most out of it. If you will be attending the event, some things to consider.


  1. SHARING: We are very excited about having six amazing speakers lead the event. However this is only just one of the many opportunities for you to learn. We are asking attendees to bring and share examples of their own awareness program. This can be newsletters, posters, mouse pads, calendars, stickers or any other resource you created that was a big hit. If possible, bring multiple copies to share with your peers. If you bring any large items, such as a poster, we will be happy to hang it for others to see.

  2. SHOW-N-TELL: If you like, take the sharing to the next level. During lunch any ...

Guest Post - Measuring Human Risk - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Dan deBeaubien. Below is a description of his upcoming talk on "Measuring Human Risk - What is Your Security Score" at theSecurity Awareness Summit 10 Sep in Dallas.

Assuming that we know what to do in a given circumstance related to cyber security - install a firewall, do an audit, train our staff, whatever, and, also assuming that many resources abound to address these situations as they arise, the emergent issue is often where to start. We can't do everything, everywhere - we need to know where to begin, and where to go next. In my role at Michigan Tech, and working closely

...

Guest Post - Selling Enthusiasm - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Matt Beland, the Chief Security Officer at the law firm Davis Wright Tremaine LLP. Below is a description of his upcoming talk on "Selling Enthusiasm" at the Security Awareness Summit 10 Sep in Dallas.

Everyone's familiar with the old saying - "There are three things that matter in property: location, location, location." Well, in Security Awareness, we also have three things that matter - "communication, communication, communication". After all, the whole point of Security Awareness is communicating the things our users need to know - the threats, the tools, the responses.

But communication is hard. Our users have their own priorities and interests, they're often awash in a sea of communication on dozens of topics - how do we make ourselves heard, and not just heard, but understood? The key is engagement. If

...

Guest Post - Awareness Through Gamification - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Jonathan Homer, a member of Idaho National Laboratory Cyber Security Division and runs their SecAware team. Below is a description of his upcoming talk on "Awareness Through Gamification" at theSecurity Awareness Summit 10 Sep in Dallas.

When developing training materials we strive to create clear, concise communications based on logic and simplicity. We put tremendous effort into creating training which is understood and retained. And yet time and time again, attendees sleep through training classes and violate principles taught the same day.

In contrast, Hollywood focuses on entertainment, a model where we pay money to sit in uncomfortable seats in a dark room eating stale, overpriced popcorn. And yet we memorize famous lines, talk about the experience for weeks to come, and, most important for this

...

Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the

...