Security Awareness Blog: Category - Security Awareness Planning

Guest Post #2 - Leveraging Social Media at Diageo

Editor's Note: John Haren is the Head of Information Security Governance, Risk & Compliance at Diageo and has responsibility for the company's Security Awareness program. Below is part two of a series where John describes how Diageo is leveraging social media to engage staff and help drive their awareness program.

In my previous blog post I discussed how we have used Yammer at Diageo to help me both deliver content and get some engagement with the end-user population, to facilitate their asking questions and drive a two-way dialog between them and our security team. I introduced


The Internet of CIP Things (IoCT)

Editor's Note: Tim Conway is the Technical Director of ICS and SCADA programs at SANS. Below he discusses the impact of the Internet of CIP Things.

You have likely heard of the Internet of Things, which encompasses the interconnected network of "stuff" that has become completely intertwined in every part of your life. I present to you the Internet of CIP Things for your consideration, which encompasses the interconnected network of CIP activity that absolutely consumes your life if you work in this field. Without pulling out the old-timer card and going back through the history of CIP Things, let's just focus on the CIP Things of now. Without further ado — the Internet of CIP Things Top 10 list aka-CIP


Gamification at Salesforce - #SecAwarenessSummit

Editor's Note: Masha Sedova is the Senior Director of Trust Engagement at Salesforce. She is one of the speakers for the upcoming US Security Awareness Summit in Philadelphia August 19. Below she discusses her talk on gamification and the power of engaging employees.

For many employees in organizations across the world, security training is synonymous with getting a root canal. An interaction with the security team is rarely seen as a favorable experience and is often associated with policy enforcement, password rotation and annual computer-based trainings. But imagine a new work environment where your employees viewed the


Ready or not here comes NERC CIP Version 5

Editor's Note: Ted Gutierrez is the ICS & NERC CIP Product Manager at the SANS Institute. Below he discusses the impact of NERC CIP Version 5 and how utilities can best prepare for it.

Can you believe it's been nearly four years since the first balloting of NERC CIP Version 5? Those of us who have been on the NERC CIP roller coaster for a while know what a ride it's been! The hairpin twists and turns that these standards have taken and the attempts by both industry and the regulators to explain, interpret and implement have been quite an adventure. Regardless of how you feel about the standards and if they will actually achieve the intended objectives, they are


Establishing a Human Sensor Network - #SecAwareSummit

Editor's Note: Ellen Powers is a cyber security threat awareness leader at MITRE. She is one of the speakers for the upcoming US Security Awareness Summit in Philadelphia August 19. Below she discusses her talk on building a Human Sensor network.

Technology controls are our best protection but do not cover the gamut of tactics and techniques from across the cyber threat landscape. We need a workforce who can fill the gap between technology and intrusion attempts.

In my upcoming SANS STH talk, Extending Your Human Sensor Network: Measurable Threat Defense, I will share the approach we used to prime the culture to not only