National Cyber Security Awareness Month (NCSAM) Activities


SANS Securing The Human recognizes the important role National Cyber Security Awareness Month (NCSAM) plays in bringing attention to the cyber security challenges faced by all organizations. NCSAM's activities not only help to educate and inform people about these issues, but also create a culture of sharing and helping others. Given our passion for this subject, we would also like to give back to the community and offer the free resources listed below.

Top Five Steps to Staying Secure

This document is a companion guide to the October OUCH! newsletter. It covers the same 5 security awareness steps anyone should take to stay secure. However, this guide is designed as a simple reference that people can print out and post at their desk or computer.

Download here!


Securing The Human in EMEA - Next Generation Awareness Programs
by Lance Spitzner, Director, SANS Institute

Date/Time: October 8th, 2014 @ 10 AM ET

In this short talk, we will walk you step by step through how to take your security awareness program to the next level. We will cover key points including how to leverage the Security Awareness Maturity Model, how to effectively engage people, and how to measure change in behavior and communicate those results to management. In addition, we will be including the latest materials, resources and lessons learned from the Security Awareness Summit.

Register here:

Measuring Human Risk: What is Your Organization's Security Score?
by Dan deBeaubien, Director, SANS Institute

Date/Time: October 16th, 2014 @ 1 PM ET

This webinar will showcase the methodology and results of a multi-year human security risk assessment and security awareness initiative at Michigan Technological University. This discussion will include the risk assessment system, metrics, and scoring used to identify specific training needs by individual, department, and division, to uncover high-risk behavior, and to direct training and auditing where they are needed most. Multi-year data trends, combined with organizational structure data and training metrics, are used to measure the actual impact of awareness training. As this process continues, it is used to focus Michigan Tech's security resources based on institutional risk and to help calculate the business value of security awareness programs.

Register here:

Ramping Up Your Phishing Program
by Cheryl Conley, Business Area Information Security Officer, Lockheed Martin

Date/Time: October 30th, 2014 @ 9 AM ET

Many organizations have recently started phishing programs as part of their overall awareness program. Lockheed Martin has been running intensive phishing assessments for 5+ years utilizing a rigorous, repeatable methodology. In addition to greatly reducing the risk of employees taking a "bad" action with suspicious e-mails, they have identified numerous lessons learned on how to effectively use phishing to manage the cyber security risk presented by human behavior. Examples include: how to structure a good phishing email, how to build a progressive and diverse training program, how to address chronic "clickers", and how to develop metrics that help inform risk management strategies and articulate risk reduction results to relevant stakeholders.

Register here:


The SWAT Checklist provides an easy-to-reference set of best practices that raise awareness and help development teams create more secure applications. It is the first step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.

Download here!


Please enjoy this month's video, which demonstrates a fictional cyber attack against a control-system-reliant infrastructure. It is a learning tool for educational purposes and is designed to help organizations better understand and develop exercise scenarios. This module is just one of the many modules available as part of our STH.Engineer security awareness training product line described here: