Security Awareness Blog: Category - Security Awareness Planning

Security Awareness Summit Roundup

The 2nd annual US Security Awareness Summit was held in Philadelphia on 10 August, with almost 150 people attending. It was an amazing mix of security awareness officers from different industries, organizations and even countries, with people coming from as far as Brunei to attend. Here are some key takeaways from the event.

  • We had eight speakers, you can download their slides from our

Guest Post #2 - Leveraging Social Media at Diageo

Editor's Note: John Haren is the Head of Information Security Governance, Risk & Compliance at Diageo and has responsibility for the company's Security Awareness program. Below is part two of a series where John describes how Diageo is leveraging social media to engage staff and help drive their awareness program.

In my previous blog post I discussed how we have used Yammer at Diageo to help me both deliver content and get some engagement with the end-user population, to facilitate their asking questions and drive a two-way dialog between them and our security team. I introduced


The Internet of CIP Things (IoCT)

Editor's Note: Tim Conway is the Technical Director of ICS and SCADA programs at SANS. Below he discusses the impact of the Internet of CIP Things.

You have likely heard of the Internet of Things, which encompasses the interconnected network of "stuff" that has become completely intertwined in every part of your life. I present to you the Internet of CIP Things for your consideration, which encompasses the interconnected network of CIP activity that absolutely consumes your life if you work in this field. Without pulling out the old-timer card and going back through the history of CIP Things, let's just focus on the CIP Things of now. Without further ado — the Internet of CIP Things Top 10 list


Gamification at Salesforce - #SecAwarenessSummit

Editor's Note: Masha Sedova is the Senior Director of Trust Engagement at Salesforce. She is one of the speakers for the upcoming US Security Awareness Summit in Philadelphia August 19. Below she discusses her talk on gamification and the power of engaging employees.

For many employees in organizations across the world, security training is synonymous with getting a root canal. An interaction with the security team is rarely seen as a favorable experience and is often associated with policy enforcement, password rotation and annual computer-based trainings. But imagine a new work environment where your employees viewed the


Ready or not here comes NERC CIP Version 5

Editor's Note: Ted Gutierrez is the ICS & NERC CIP Product Manager at the SANS Institute. Below he discusses the impact of NERC CIP Version 5 and how utilities can best prepare for it.

Can you believe it's been nearly four years since the first balloting of NERC CIP Version 5? Those of us who have been on the NERC CIP roller coaster for a while know what a ride it's been! The hairpin twists and turns that these standards have taken and the attempts by both industry and the regulators to explain, interpret and implement have been quite an adventure. Regardless of how you feel about the standards and if they will actually achieve the intended objectives, they