Blog: SANS Securing The Human

New Video of the Month - HIPAA / HITECH

Every other month we post a new security awareness video for the community. For July we posted a new video that covers the world of healthcare. Specifically, it explains what HIPAA, HITECH and PHI are, and why they apply to healthcare. If your organization handles PHI, this is a great way to introduce your staff to the how and why of protecting PHI. More at our video of the month site.

 

Guest Post: Ramping Up Your Phishing Program - Security Awareness Summit

Editor's Note: This is a guest blog post from Cheryl Conley, head of Lockheed Martin's Security Education and Awareness team. Lockheed is one of the most targeted (and phished) organizations in the world. Below is a short description of her talk on "Ramping Up Your Phishing Program" at the Security Awareness Summit 10 Sep in Dallas.

During this 45-minute interactive session, we'll take a look at the past 5 years of phishing at Lockheed, our strategy to include the initial baseline, diverse levels of difficulty, and lessons learned. I'll discuss our Undesired Action Rate (UAR) metrics, the great improvements in reporting and the trends we have been able to diagnose/craft awareness material around; and even some of our unique employee interactions and responses to our testing (Jury Duty and Traffic tickets come to mind!). Time permitting, test your knee-jerk skills

...

Guest Post - Enticing Employees to Self-Educate

Editor's Note: This blog post is from Lori Rosenberg, part of the security awareness team at eBay. Here she covers her upcoming talk at the Security Awareness Summit (#SecAwareSummit) this 10 Sep in Dallas. The summit brings together awareness officers from around the world to share how they are taking their program to the next level, and how they are measuring that impact.

Like most large organizations, I'm limited in the frequency and length of communications that I'm able to send to large groups, so I have to make the most of all opportunities when I push information to our employees. This is one of the many benefits of

...

Guest Post - 17 Reasons for Healthcare Awareness Training

Editor: Today's guest blog post is from Kelli Tarala

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently fined Parkview Health System $800,000 for HIPAA privacy violations involving leaving seventeen boxes of non-electronic health records unsupervised at the end of a physician's driveway. As a result of the settlement, the health system must adopt a corrective action plan which includes staff training and an implementation report on that training to OCR. Let's take a closer

...

Your New Security Awareness Planning Kit - Ver 2.0

One of the biggest challenges people face when building a high-impact security awareness program is where to start. Changing human behavior is hard; doing it right requires a lot of planning and coordination. To help build your program, check out the "Security Awareness Planning Kit". This kit is a collection of templates, checklists, plans and materials that walk you step by step through how to build a new awareness program or update an existing one. These materials were developed by other security awareness officers, people just like you trying to make a difference with limited time and resources. This kit saves you time and effort by enabling you to build on and leverage what other awareness

...