Blog: SANS Securing The Human

Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest blog post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.

During this 45-minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee-jerk skills

...

Guest Post - Enticing Employees to Self-Educate

Editor's Note: This blog post is from Lori Rosenberg, part of the security awareness team at eBay. Here she covers her upcoming talk at the Security Awareness Summit (#SecAwareSummit) this 10 Sep in Dallas. The summit brings together awareness officers from around the world to share how they are taking their program to the next level, and how they are measuring that impact.

Like most large organizations, I'm limited in the frequency and length of communications I'm able to send to large groups, so I have to make the most of all opportunities when I push information to our employees. This is one of the many benefits of

...

Guest Post - 17 Reasons for Healthcare Awareness Training

Editor: Today's guest blog post is from Kelli Tarala

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently fined Parkview Health System $800,000 for HIPAA privacy violations involving leaving seventeen boxes of non-electronic health records unsupervised at the end of a physician's driveway. As a result of the settlement, the health system must adopt a corrective action plan which includes staff training and an implementation report on that training to OCR. Let's take a closer

...

Your New Security Awareness Planning Kit - Ver 2.0

One of the biggest challenges people face when building a high-impact security awareness program is where to start. Changing human behavior is hard; doing it right requires a lot of planning and coordination. To help build your program, check out the "Security Awareness Planning Kit". This kit is a collection of templates, checklists, plans and materials that walk you step by step through how to build a new awareness program or update an existing one. These materials were developed by other security awareness officers, people just like you trying to make a difference with limited time and resources. This kit saves you time and effort by enabling you to build on and leverage what other awareness

...

Guest Blog - Hosting a Mobile Device Clinic

Editor's Note: This month's guest blog post is from the team at HCSC (Health Care Service Corporation). I know of organizations that have hosted booth events where employees can bring their personal mobile devices to be reviewed and ask any security-related questions they have. But I have never seen it taken to this level; I love how HCSC has made mobile device security such a personal, fun and engaging event.

In preparation for a Bring Your Own Device (BYOD) roll-out, our team held a "Mobile Device Clinic" for Cyber Security Awareness Month. Prior to the event, we passed out flyers letting employees know that we would be holding the clinic,

...