Security Awareness Blog: Category - Security Awareness Planning


Aligning HR With Secure Behaviors

One of the ideas I pulled from John Kotter's book Leading Change was a suggestion on Human Resources: have your HR team align performance evaluations, compensation, or promotions with people's security behaviors. This does two things. First, it increases motivation, because people see an actual, tangible gain from changing their behaviors. Even more importantly, Mr. Kotter points out that it demonstrates that leadership is serious about security and wants to make secure behaviors part of the organization's DNA. I thought this was a great idea. Here are some examples of metrics your HR team could use to track employees and staff.

  • Employee had no security violations in past 12 months

  • Employee successfully completed all awareness training

  • Employees on their own reviewed online profile to confirm

Book Review - Switch: How to Change Things When Change is Hard

I just finished the excellent book Switch: How to Change Things When Change is Hard by Chip and Dan Heath. Like John Kotter's book Leading Change, this book is ultimately about changing behavior. While Kotter's book is strategic and focuses on change in large organizations, Switch is more tactical and works at the individual or small-group level. Switch is very easy to read and is backed by amazing research, references, and funny stories. I highly recommend this book for any security awareness officer. Some key takeaways:

1. The book breaks down


Coming to Australia - Building High-Impact Awareness Programs - A Two Day Course

Folks, I'm excited to announce that SANS MGT433 (Building a High-Impact Awareness Program) is coming to Canberra, Australia on 18/19 March next year. This will be the first time this intense two-day class has ever been taught below the equator. If you are Down Under and your organization is building a new security awareness program or looking to pump up your existing one, I highly recommend you don't miss this opportunity. Not only will you learn from the collective wisdom of hundreds of security awareness officers, this is a fantastic


You are for Sale: Wellness Apps, Wearable Devices, and Data Privacy

Editor's Note: This is a guest blog post from Kelli Tarala. It is the second in a series of blog posts from her about wearable devices and healthcare.

Introduction: In a recent post we discussed health wearables, a class of devices that measure and report statistical health information such as number of steps taken, heart rate, sleep patterns, etc. This collection of data is part of a movement known as the Quantified Self, an ecosystem of applications, cloud services, smartphones, medical devices, and wearables that assist the user in self-tracking. The purpose of this self-tracking is improved self-knowledge, and perhaps improved athletic performance or better health through weight loss, lower blood pressure, or more activity throughout the day. Through an application on a smart device, this quantified-self data is


Book Review - John Kotter's "Leading Change"

I just finished reading John Kotter's amazing book Leading Change, a resource I absolutely recommend for anyone involved in the world of security awareness. John Kotter is one of the world's leading experts on culture change, with over 30 years' experience in this field, and a graduate of both Harvard and MIT. His book takes you through a strategic eight-step process for creating change in organizations, with the last step ultimately resulting in a change of culture. Just as with Cialdini's book Influence, what I loved about Kotter's book is that he brings real-world stories to every step. Some key things I took away from the book include: