A common challenge many organizations face is getting management approval and/or funding for their awareness program. This section contains resources to help justify and get support for your own awareness program. These resources are developed by the community for the community. Please send any questions or any feedback on how to improve these resources to community@securingthehuman.org.
Stakeholder Presentation
This presentation template can be used to explain the value of your proposed security awareness program to your senior management, giving you the support, budget and resources you need to make your awareness program happen.
Employee Survey
Take a survey of your employees and learn just how little they know about security in your organization. Do they know you have a security team? Do they know your policies? What percentage of your employees share their passwords?
Data Breaches
Your organization may be required to protect certain types of data (card holder, PHI, PII, PNI, etc.). Here are several sites where you can search records of publicly known data breaches.
Compliance Requirements
A variety of regulations and standards require security awareness training. Download our Security Awareness Compliance Requirements document, which lists the most common legislation or standards that require security awareness training. In addition, you will find the specific sections that state the requirement and links for more information.
Industry Reports
These are reports with statistics or findings that help demonstrate how the human is the target.
- Verizon 2013 Data Breach Investigation Report (multiple statistics on how the human is the target, but also on how employees effectively detect incidents).
- Mandiant 2010 APT Report (identifies spear phishing as the #1 attack method).
- Microsoft SIR #11, p.10 (identifies the human as the #1 malware propagation method).
Articles
Sometimes, no matter what you tell management, they simply will not listen. However, if a trusted third party communicates the same message for you, your senior management will listen. Below are links to recent articles from sources that senior management use and trust. These articles explain how the human is the weakest link and emphasize the importance of security awareness and education.
- Wall Street Journal:
  - What's a Company's Biggest Security Risk? You. (Sep, 2011)
  - Hackers Press the 'Schmooze' Button. (Oct, 2011)
- CNN Money:
  - How a Lying Social Engineer Hacked Walmart. (Aug, 2012)
- Washington Post:
