Blog: SANS Securing The Human: Category - Security Awareness Planning

Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program, we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you step-by-step through how to implement an effective phishing program that your employees will actually like. In addition, we include lessons learned, such as how often you should send your phishing emails, whom to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom. Get all


Guest Post - Awareness Through Gamification - #SecAwareSummit

Editor's Note: This is a guest blog post from Jonathan Homer, a member of the Idaho National Laboratory Cyber Security Division who runs their SecAware team. Below is a description of his upcoming talk on "Awareness Through Gamification" at the Security Awareness Summit, 10 Sep in Dallas.

When developing training materials we strive to create clear, concise communications based on logic and simplicity. We put tremendous effort into creating training which is understood and retained. And yet time and time again, attendees sleep through training classes and violate principles taught the same day.

In contrast, Hollywood focuses on entertainment, a model where we pay money to sit in uncomfortable seats in a dark room eating stale, overpriced popcorn. And yet we memorize famous lines, talk about the experience for weeks to come, and, most important for this


Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest blog post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit, 10 Sep in Dallas.

During this 45-minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy including the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting, and the trends we have been able to diagnose and craft awareness material around; and even some of our unique employee interactions and responses to our testing (jury duty and traffic tickets come to mind!). Time permitting, test your knee-jerk skills


Guest Post - Enticing Employees to Self-Educate

Editor's Note: This blog post is from Lori Rosenberg, part of the security awareness team at eBay. Here she covers her upcoming talk at the Security Awareness Summit (#SecAwareSummit) this 10 Sep in Dallas. The summit brings together awareness officers from around the world to share how they are taking their programs to the next level, and how they are measuring that impact.

Like most large organizations, I'm limited in the frequency and length of communications which I'm able to send to large groups, so I have to make the most of all opportunities when I push information to our employees. This is one of the many benefits of


Guest Post - 17 Reasons for Healthcare Awareness Training

Editor: Today's guest blog post is from Kelli Tarala

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently fined Parkview Health System $800,000 for HIPAA privacy violations involving leaving seventeen boxes of non-electronic health records unsupervised at the end of a physician's driveway. As a result of the settlement, the health system must adopt a corrective action plan which includes staff training and an implementation report on that training to OCR. Let's take a closer