Are you at the RSA security conference this week? If so, stop by the SANS booth (#2716) and grab your copy of the "You Are A Target" security awareness poster. I'll be at the booth most of the week. If you are involved in security awareness training, I would love to learn about some of the challenges you are facing or success stories you would like to share.
As part of Securing The Human's commitment to the community, every month we post a new security awareness video. For February, we just released our newest awareness video, "Advanced Persistent Threat". This five-minute video explains in simple terms what APT is, walks you through how they operate, and what you can do to protect yourself against them. With all the recent news about targeted attacks (The New York Times, Wall Street Journal,
Building, maintaining and measuring a high-impact Security Awareness Program requires a great deal of planning and hard work. Often organizations find themselves overwhelmed and under-resourced, and do not know where to start. That is why we developed the community-based resource the Security Awareness Roadmap. The Roadmap identifies the five stages to a mature security awareness program and all the steps, resources and documentation to get you there.
To help make your planning process even easier we now have an online, interactive version of the Security Awareness
...
I was playing with the site PrivacyRights.org today. This is a tremendous site where you can get valuable statistics on data breaches and compromised records. Privacy Rights collects information on all publicly available breach data, then creates a simple interface where you can query that data. I did that today, with an emphasis on the human element. What I found really surprised me: humans result in far more breaches than you think.
- I selected all the types of breaches that were human related. Specifically unintended disclosure, insider threat, and lost, stolen or discarded data (Physical, Portable and Stationary). The
One of the levers we have for changing behaviors is reward and punishment. Reward behaviors we want to encourage, punish behaviors we want to stop. But which one is more effective, and which ones should we use? To be honest, this is a complex question and in part depends on your environment. However, this is the approach I prefer.
Rewards: I always like to start by rewarding good behavior. By taking this initial approach you create a positive environment; people associate good with security, not bad. Examples of rewards can be as simple as public recognition or someone finding a chocolate candy on their table, or it can be more substantial, such as being entered in a raffle for an iPad or free lunch. The advantage with
...