Blog: SANS Securing The Human: Category - Security Awareness Metrics


Guest Post - Selling Enthusiasm - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Matt Beland, the Chief Security Officer at the law firm Davis Wright Tremaine LLP. Below is a description of his upcoming talk on "Selling Enthusiasm" at the Security Awareness Summit 10 Sep in Dallas.

Everyone's familiar with the old saying - "There are three things that matter in property: location, location, location." Well, in Security Awareness, we also have three things that matter - "communication, communication, communication". After all, the whole point of Security Awareness is communicating the things our users need to know - the threats, the tools, the responses.

But communication is hard. Our users have their own priorities and interests, and they're often awash in a sea of communication on dozens of topics. How do we make ourselves heard, and not just heard, but understood? The key is engagement. If


Just Released - The Phishing Planning Kit

One of the biggest challenges with an effective phishing program is not the technology you use, but how you communicate and implement your phishing program. To assist you in getting the most out of your phishing program, we have put together the Phishing Planning Kit. Based on the feedback and input of numerous security awareness officers, this kit walks you through, step by step, how to implement an effective phishing program that your employees will actually like. In addition, we include lessons learned such as how often you should do your phishing emails, who to target, what type of phishing emails you should use, what to do with violators, and what to report and to whom. Get all


Guest Post - The Human Vulnerability Scanner - #SecAwareSummit

Editor's Note: This is a guest Blog Post from Lance Hayden, a Solutions Architect with Cisco's IT Governance, Risk and Compliance consulting practice and author of IT Security Metrics. Below is a short description of his talk on the Human Vulnerability Scanner at the Security Awareness Summit 10 Sep in Dallas.

Security training and awareness professionals, somewhat by definition, focus more on the human and social issues of an organization than on its technology. The fact that people are not as easy to manage as machines makes the


Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest Blog Post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.

During this 45-minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee-jerk skills


Your New Security Awareness Planning Kit - Ver 2.0

One of the biggest challenges people face when building a high-impact security awareness program is where to start. Changing human behavior is hard; doing it right requires a lot of planning and coordination. To help build your program, check out the "Security Awareness Planning Kit". This kit is a collection of templates, checklists, plans and materials that walk you through, step by step, how to build a new awareness program or update an existing one. These materials were developed by other security awareness officers, people just like you trying to make a difference with limited time and resources. This kit saves you time and effort by enabling you to build on and leverage what other awareness