Blog: SANS Securing The Human

Blog: SANS Securing The Human

Guest Blog Post: Health Wearables

Editor's Note: This is a guest Blog Post from Kelli Tarala. This is the first in a series of blog posts from her about wearable devices and healthcare.

Have you seen friends and coworkers wearing wrist bands with blinking lights and wondered what these bracelet-looking things are all about? They are part of the emerging trend in healthcare known as Mobile Health or "Mhealth."

These wearable devices can record fitness activities, as well as monitor sleep patterns, body temperature, and hydration levels. Common brands include the Nike® Fuel Band, FitBit®, Jawbone®, and the Microsoft® Band. These wearable devices are gaining in popularity: in a recent research project from summer 2014, PricewaterhouseCoopers' (PWC) health research initiative found that awareness of the staggering possibilities of these mobile health devices is rapidly growing.

While health wearables are still an emerging technology trend, 56% of survey


Signing-Up For OUCH! Newsletter and Awareness Posters

As some of you already know, we provide a variety of community resources to help you with your security awareness programs. One of our most popular resources is the OUCH! security awareness newsletter.This free newsletter covers a new cyber security topic each month and is translated into 25 languages. Another popular resource is our series of security awareness posters. Each year we create and print a new security awareness poster, which you can receive in the mail for free (this year's upcoming posters will be on Healthcare and creating a Cyber Secure Home).

To ensure you get access to these resources, consider


Start With Simplest Behaviors First

A common challenge I run into when helping others build a security awareness program is trying to decide on what human risks to focus on. You only have so much time and resources to communicate to others, and people can only remember so much. If you can only change 10 behaviors this year, which 10 are you going to change? I've seen awareness programs fail because organizations never took the time to prioritize their human risks/behaviors and as a result overwhelmed people with a huge laundry list of random do's and don'ts.

One of the interesting things I learned from Dr. Fogg and his behavior model is that different behaviors have different levels of difficulty. Some behaviors will be easy to change and some will be hard. While this sounds intuitive, his model helps you understand why this is the case. One take away for me was this. Once you identify the top behaviors you want to change, focus on the easiest ones first. Some


Influence: Science and Practice

I just finished the book "Influence: Science and Practice" by Dr. Robert Cialdini. Dr. Cialdini is considered by many as one of the leading experts in influence, or what our community calls "Social Engineering". This is a powerful book, as you not only learn the techniques that cyber attackers can use against your organization, but can help you create a more effective security awareness program. What makes this book so valuable is not only is it backed by extensive academic research, but its written in a fun and easy to understand way. Dr. Cialdini identifies six principles for influence, what he calls "Weapons of Influence". What makes these principles so


1st Annual Security Awareness Survey

Folks, just a friendly reminder that as part of #NCSAM we are hosting the first annual security awareness survey. The goal of this short, anonymous survey is to create a standardized industry report on how organizations are mitigating human information-related risks. The report will enable security awareness officers to make more informed decisions and benchmark their program to other organizations in their industry. The survey ends 17 Oct with results released in November, so act now if you want to contribute. In addition, if you take the survey you will get early access to the results. You can take the survey at

Big thanks to Lance Hayden, author of IT Security Metrics, in helping us develop the survey.