Blog: SANS Securing The Human


Getting Support and Approval for Phishing Assessments

During my human metrics talk at RSA last month, a common question was how to get support for an internal phishing program. Phishing assessments are a powerful metric: not only do they measure a high human risk, but they are repeatable, quantifiable, actionable and low cost. This is why phishing has become one of the most common metrics within security awareness. In addition, phishing is a powerful way to reinforce key human behaviors. When I first started in security awareness five years ago, phishing, or any type of human assessment, was rare. Nowadays, I would say roughly 30% of the organizations I work with are doing some type of human assessment as part of their awareness program (surveys, phishing, checking on secured desktops

...

Why the 90 Day Rule for Password Changing?

I consistently find passwords one of the most challenging parts of any awareness program, as we have to teach people a patchwork of confusing rules. These rules can include: always use long, complex passwords; never share your passwords; use a unique password for every account; never write your password down; be cautious of personal questions; and more. To make matters worse, not only are different people teaching different rules, but those rules change over time. *sigh*

One of the key guidelines of changing behavior is to focus on the fewest behaviors that address the greatest risk. When you take this approach, you soon find that the hardest part of effective awareness is deciding what NOT to teach people. For example, a frustration of mine is the old adage to always

...

March OUCH is Out - Windows XP

OUCH is a free, monthly security awareness newsletter developed by SANS Securing The Human and community volunteers. Our goal is to provide Ordinary Computer Users (OCUs) with simple and actionable information on how to protect themselves online. Every month, led by a Guest Editor Subject Matter Expert, we cover a new topic in 1,000 words or less and translate it into over 20 languages. For March, we selected the topic of Windows XP, specifically how Microsoft will end support for it next month. We felt this topic was very important, as, surprisingly, almost 30% of computers still run Windows XP today. We encourage you to download, share and distribute OUCH with your friends, family and co-workers. Organizations are welcome to distribute OUCH as part of their

...

New Security Awareness Training for ICS/SCADA Community

At SANS Securing The Human we are very excited to announce the release of new security awareness training designed specifically for the ICS/SCADA community. Our Subject Matter Expert Tim Conway goes into more detail on the training below. You can learn more about the training (or take a demo) at our ICS Engineering website, or sign up for a webcast this Thursday at 3pm ET, where our team discusses the training.

As Critical Infrastructure sectors continue to develop an increasing reliance on cyber components in operations, and implement systems that are more aware and interconnected than those previously utilized, there is an

...

Top Five Most Popular Security Awareness Topics

At SANS Securing The Human we currently have over 40 topics in our security awareness training library. By breaking the training into short modules, organizations can select and use only the topics that directly apply to them. This enables organizations to create short yet highly effective training. You can find descriptions and short video clips of all the training topics on our STH.EndUser Demo page. With over 800 customers now using this training library, we can begin to extract some very interesting statistics. One of the metrics we ran for 2013 is which topics, that is, which human risks, organizations are most concerned about. As such, we identified the five most commonly used topics. In other

...