Blog

Archive for Securing the Human

"How Can I Tell This is an Attack? – Amazon Support Phish"

Quite a few folks have been asking how they can tell this Amazon email is a Phish. Below are the indicators. I like this example as it demonstrates how the bad guys are constantly evolving and adapting in their attacks. Notice in this email how there is no malicious link or infected attachment to click on, …

Reposted from SANS. View original.

Posted in: Securing the Human


"The Security Awareness Board Game – At the EU #SecAwareSummit"

Editor’s Note: Daria Catalui is the Cyber Awareness Coordinator for the European Commission. She is one of the speakers for the upcoming Security Awareness Summit 6/7 December in London. Below she gives an overview on her upcoming talk on gamifying awareness programs. As my former boss likes to say ‘Cyber security awareness month is everyday’ so indeed the …


"Every Behavior Has a Cost"

To effectively manage your organization’s human risk, you need to change your workforce’s behaviors. Behaviors such as how people use email, create passwords or share information. While at first this sounds fundamental and perhaps even simple, it is deceivingly hard. One of the most common reasons so many awareness programs fail is they focus on the wrong behaviors, make secure behaviors overly …


"Why a Phishing Click Rate of 0% is Bad"

Working with hundreds of organizations around the world, one of the most common phishing questions I’m often asked is "What should our click rate be for our phishing assessments"? Or, "We got a 17% click rate on our phishing simulation, is that a good or bad number?" Well, it all depends. First, it really depends on …


"The Power of a Security Ambassador Program"

As security awareness programs mature I’m starting to hear more and more organizations ask "What’s Next?". What comes after rolling out interactive online training, Phishing assessments, infographics, lunch-n-learns and speaker events? How do you go beyond the Behavior stage of the Security Awareness Maturity Model and develop a secure culture? Hands down what I see working around the world is Security …


"Lessons in Building your own Awareness Community – At the EU #SecAwareSummit"

Editor’s Note: Martine van de Merwe and Chris Karelse are speakers for the upcoming Security Awareness Summit 6/7 December in London. Below they give an overview of their talk on Building Your Own Awareness Community. We all have that experience where it was better if we connected more and earlier with other security awareness professionals. It is …


"Three Commandments to Building a Mature Awareness Program"

I’m excited how more and more organizations understand that cyber security is no longer just about technology, but about people. To have an effective security program, you have to also effectively manage your human risk. And to manage your human risk, you need an effective awareness program. But it also amazes me how people over complicate …


"KRACK Attack – What to Communicate"

Editor’s Note: This blog is a work in progress and will be actively updated as new information is released. It was just announced this morning (Monday, 16 October, 2017) that the encryption in the globally used WPA2 Wi-Fi security protocol has been broken. This standard is the most commonly used encryption standard used by Wi-Fi networks around …


"Hey America (and World) GDPR Applies to You To"

In 2003 California rocked the privacy world when it passed California S.B. 1386. This law stated that any organization that was breached and had the personal data of California residents had to notify those individuals that their data was breached. While the law was only passed in California, the law impacted any organization in the United States that handled …


"The Five Tenets of Cyber Security"

In the two day MGT433 Securing the Human course, we start the class by defining what risk is. Security awareness is nothing more than a control to manage human risk. To manage risk, you have to first define it. What stuns me is how often security professionals that have been in this field 5, 10 or even 15 …
