Security Awareness Blog

Security Awareness Blog

OUCH is Out - What is Anti-Virus?

December's OUCH! is out. For this month's security awareness newsletter we decided to cover Anti-Virus. Guest Editor and malware expect Jacob Williams walks you through exactly what anti-virus is, how it works and most importantly its limitations. Ultimately our goal is for people to understand that while anti-virus is an important part of your cyber protection, it cannot detect nor stop everything. You, combined with technology, are the best defense in today's online world. You download and share OUCH! with your friends, family and co-workers and can access it in over 25 different languages.

Download OUCH! -

Phishing Assessment Bag of Tricks

Editor's Note: This is a guest Blog Post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below are her thoughts on Phishing as she wraps up 2014.

I hope everyone survived NCSAM, we at Lockheed had a very successful run. We were very pleased with the participation across the enterprise and eager to capitalize on the flurry of interest from our non-cyber employee base. October was a very busy month, while we started planning for NCSAM in June, the activities during the month included our monthly phishing efforts. As we wind down for 2014, the email testing team is taking a breather. We feel December has too many activities that conflict with a phishing assessment, to include enterprise activities such as compliance deadlines and many of the employees are out of office on vacation or travel. Also much of the leadership will

You are for Sale: Wellness Apps, Wearable Devices, and Data Privacy

Editor's Note: This is a guest Blog Post from Kelli Tarala.This is the second in a series of blog posts from her about wearable devices and healthcare.

Introduction:In a recent post we discussed health wearables, a class of devices that measures and reports on statistical health information such as number of steps taken, heart rate, sleep patterns, etc. This collection of data is part of a movement known as the Quantified Self and it is an ecosystem of applications, cloud services, smart phones, medical devices and wearables that assist the user in self-tracking. The purpose of this self-tracking is improved self-knowledge, perhaps improved athletic performance or better health through weight loss, lower blood pressure, or more activity throughout the day. Through an application on a smart devices, this quantified self-data is


Book Review - John Kotter's "Leading Change"

I just finished reading John Kotter's amazing book Leading Change, a resource I absolutely recommend for anyone involved in the world of security awareness. John Kotter is one of the world's leading experts on culture change with over 30 years experience in this field and a graduate of both Harvard and MIT. His book takes you through a strategic eight step process on how to create change in organizations, with the last step ultimately resulting in change of culture. Just like Cialdini's book Influence, what I loved about Kotter's book is he brings real world stories to every step. Some key things I took away from the book include:


American vs. European Reporting - Creating a Sense of Urgency

One of the first steps in attempting to change culture is creating a sense of urgency. Without a strong sense for a need for change, especially at the senior level, it is difficult to change peoples' beliefs, attitudes and behaviors. The excellent book Leading Change by John Kotter does an outstanding of explaining an 8 step process to culture change, and step #1 is a sense of urgency. This is why in the United States I feel we are seeing an acceleration in security awareness and investment in information security due to all the breaches that have been publicized in the past 18 months. From Target and Home Depot to JP Morgan Chase and other financial institutions, there is a growing sense of urgency as organization after organization goes public about recent incidents. No one wants to be the next Target, and I'm hearing from students that senior management is investing in