Blog: SANS Securing The Human: Category - Security Awareness Metrics

Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program, we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you through step-by-step how to implement an effective phishing program that your employees will actually like. In addition, we include lessons learned such as how often you should do your phishing emails, who to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom. Get all


Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the


Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest Blog Post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.

During this 45-minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee-jerk skills


Your New Security Awareness Planning Kit - Ver 2.0

One of the biggest challenges people face when building a high-impact security awareness program is where to start. Changing human behavior is hard; doing it right requires a lot of planning and coordination. To help build your program, check out the "Security Awareness Planning Kit". This kit is a collection of templates, checklists, plans and materials that walk you through step-by-step on how to build a new or update an existing awareness program. These materials were developed by other security awareness officers, people just like you trying to make a difference with limited time and resources. This kit saves you time and effort by enabling you to build on and leverage what other awareness


Guest Blog - Hosting a Mobile Device Clinic

Editor's Note: This month's guest blog post is from the team at HCSC (Health Care Service Corporation). I know of organizations that have hosted booth events where employees can bring their personal mobile devices to be reviewed and ask any security related questions they have. But I have never seen it taken to this level; I love how HCSC has made mobile device security such a personal, fun and engaging event.

In preparation for a Bring Your Own Device (BYOD) roll-out, our team held a "Mobile Device Clinic" for Cyber Security Awareness Month. Prior to the event, we passed out flyers letting employees know that we would be holding the clinic,