Blog: SANS Securing The Human

Blog: SANS Securing The Human

Signing-Up For OUCH! Newsletter and Awareness Posters

As some of you already know, we provide a variety of community resources to help you with your security awareness programs. One of our most popular resources is the OUCH! security awareness newsletter.This free newsletter covers a new cyber security topic each month and is translated into 25 languages. Another popular resource is our series of security awareness posters. Each year we create and print a new security awareness poster, which you can receive in the mail for free (this year's upcoming posters will be on Healthcare and creating a Cyber Secure Home).

To ensure you get access to these resources, consider


Start With Simplest Behaviors First

A common challenge I run into when helping others build a security awareness program is trying to decide on what human risks to focus on. You only have so much time and resources to communicate to others, and people can only remember so much. If you can only change 10 behaviors this year, which 10 are you going to change? I've seen awareness programs fail because organizations never took the time to prioritize their human risks/behaviors and as a result overwhelmed people with a huge laundry list of random do's and don'ts.

One of the interesting things I learned from Dr. Fogg and his behavior model is that different behaviors have different levels of difficulty. Some behaviors will be easy to change and some will be hard. While this sounds intuitive, his model helps you understand why this is the case. One take away for me was this. Once you identify the top behaviors you want to change, focus on the easiest ones first. Some


Influence: Science and Practice

I just finished the book "Influence: Science and Practice" by Dr. Robert Cialdini. Dr. Cialdini is considered by many as one of the leading experts in influence, or what our community calls "Social Engineering". This is a powerful book, as you not only learn the techniques that cyber attackers can use against your organization, but can help you create a more effective security awareness program. What makes this book so valuable is not only is it backed by extensive academic research, but its written in a fun and easy to understand way. Dr. Cialdini identifies six principles for influence, what he calls "Weapons of Influence". What makes these principles so


1st Annual Security Awareness Survey

Folks, just a friendly reminder that as part of #NCSAM we are hosting the first annual security awareness survey. The goal of this short, anonymous survey is to create a standardized industry report on how organizations are mitigating human information-related risks. The report will enable security awareness officers to make more informed decisions and benchmark their program to other organizations in their industry. The survey ends 17 Oct with results released in November, so act now if you want to contribute. In addition, if you take the survey you will get early access to the results. You can take the survey at

Big thanks to Lance Hayden, author of IT Security Metrics, in helping us develop the survey.


Resources to Make Your #NCSAM a Success

At SANS Securing The Human, we recognize the important role National CyberSecurity Awareness Month (NCSAM) plays in bringing attention to the cybersecurity challenges faced by all organizations. NCSAM's activities not only help educate and inform people, but they also create a culture of sharing and helping others. Given our passion surrounding this subject, we are providing a variety of free resources to help organizations and their awareness efforts. These resources include a series of a webcasts, the first annual security awareness survey, a poster and a new tips sheet. Learn more at