Blog: SANS Securing The Human

Follow the Security Awareness Summit at #SecAwareSummit

Folks, friendly reminder that SANS' first Security Awareness Summit will be next Wednesday, 10 September in Dallas, TX. Not only am I excited about the six great speakers, but Alan Paller (SANS Director of Research) will be leading the panel at the end of the day. In addition, we have lightning talks during lunch and numerous opportunities for peers to interact and learn from each other. If you cannot attend the event, be sure to follow all the action next Wednesday on Twitter on #SecAwareSummit.

Hope to see you at the event next week or catch you on Twitter!


OUCH! is Out - Using The Cloud Securely

The OUCH! security awareness newsletter for September is out. Led by Guest Editors James and Kelli Tarala, we explain what the Cloud is, how it works and how to use it securely. With the proliferation and use of Cloud technologies such as Google Docs, Dropbox or iCloud, people are exposing themselves to greater and greater risks (as seen with the recent celebrity iCloud hacks). Not only can Cloud technologies be confusing to people, but many people may be using the Cloud and not even realize it. We hope resources like OUCH! can help people better leverage these latest technologies in a more secure


BJ Fogg - Behavior Model / Camp

One of the primary goals of most security awareness programs is to change human behavior. By changing people's behaviors we can reduce risk both to themselves and their organization. As we have documented in the Security Awareness Planning Kit, to change human behavior we need to answer three key questions: WHOSE behavior do we want to change, WHAT behaviors do we want to change, and HOW. Within the security community we are pretty good at the first two parts. Where we are weakest is HOW to change those behaviors. Wouldn't it be great if there was a Ph.D somewhere who had been studying Human Behavior Design for the past twenty years and created a simple model on how to do just that? Lucky for us, there is.

BJ Fogg is a Ph.D professor at Stanford who teaches Behavior Design. What makes his research so valuable to our community is he has developed a very simple yet effective model on changing human


Cyber Rules for the New School Year

Sending your kids off to school is always an exciting time as you know they are about to grow another year. It's also a great time to re-establish house rules concerning electronics and online activities. We want our kids to learn how to use and leverage 21st century technology, but we also want to protect them from its unique risks. Below are the new rules this year for the Spitzner household. These rules are designed for 13 and 10 year old boys; feel free to adapt as you see fit. As kids get older, I'm finding technical controls to be less and less effective; instead you need a family Acceptable Use Policy. Here is ours. I would love to hear what yours are; post your comments online or email us at


Show-n-Tell and Sharing at the #SecAwareSummit

Folks, as we gear up for the upcoming Security Awareness Summit in Dallas, TX on 10 Sep, I wanted to share with you how you can prepare for the event to make the most out of it. If you will be attending the event, here are some things to consider.

  1. SHARING: We are very excited about having six amazing speakers lead the event. However this is only just one of the many opportunities for you to learn. We are asking attendees to bring and share examples of their own awareness program. This can be newsletters, posters, mouse pads, calendars, stickers or any other resource you created that was a big hit. If possible, bring multiple copies to share with your peers. If you bring any large items, such as a poster, we will be happy to hang it for others to see.

  2. SHOW-N-TELL: If you like, take the sharing to the next level. During lunch any ...