Phishing assessments can be a powerful tool for your awareness program. In the past we discussed how you can use phishing assessments for metrics, specifically how to measure what impact you are having in changing employee behavior. However I'm finding phishing assessments to be even more powerful as a training tool. The difference with training versus metrics in phishing assessments is that with training you are not measuring your awareness program, you are reinforcing it.
For example, with metrics when you send out a phishing email and people fall victim, you do not tell them right away. If you did they could warn others in your organization, skewing the results.
...
Over the past couple weeks I've been sharing my personal lessons learned for successful security awareness presentations. Today I would like to share one of the newest challenges I'm facing, simulcasts. Old school presenting involves standing up in front of a group of real people. Then we have webinars,where we virtually present to people around the world using tools such as GoToMeeting or Webex. These technologies have their own
One of the challenges we face in information security is our world is in a constant change - new technologies are released, business requirements change and bad guys are constantly evolving and adapting. As a result, to keep your security solutions effective you have to keep them updated. Security awareness is no different, I recommend updating your awareness content at least once a year. Here at SANS we update our content twice a year, including a complete review of each training module by our Board of Advisors. As a result, we end up updating about 30% of our content every six months. I wanted to share with you some of my observations and lessons learned from this process.
- One of ...
A common challenge more and more of us are facing with security awareness presentations is they are no longer in person but over the web, using technologies such as GoToMeeting or Webex. From a cost perspective this makes sense. You can reach far more people all over the world with no traveling costs, no conference room costs, and it is far more convienient for people to attend. In addition, webinars are simple to record and archive, so people can watch after the event. However the challenge with webinars is engaging your audience and having an impact. Many of thepresenting tips we have discussed in
...
This is presenting tip #10, the last in a series of my lessons learned and mistakes made presenting over the past years. To have an effective security awareness presentation you need to engage and interact with your audience. If they are simply sitting and passively listening, you will have little impact. You need people asking questions, sharing stories and interacting not with just you but each other. Sometimes you get lucky and this is not a problem, in that case you just let things run on their own and enjoy the ride. But in most cases creating an interactive group can be a challenge,
...
Security Awareness Training
Training
Certification
Internet Storm Center
Cyber Security Graduate School
Computer Forensics
Penetration Testing
IT Audit
Software Security
Phishing assessments can be a powerful tool for your awareness program. In the past we discussed how you can use phishing assessments for metrics, specifically how to measure what impact you are having in changing employee behavior. However I'm finding phishing assessments to be even more powerful as a training tool. The difference with training versus metrics in phishing assessments is that with training you are not measuring your awareness program, you are reinforcing it.
Recent Comments