"The Bad Karma of Releasing Names"

One of the most exciting areas for me in the world of security awareness is metrics: we are getting better and better at measuring change in human behavior. One of the most common methods is phishing assessments, as not only are they easy to do, but they also address one of the most common human attack vectors. A common question I’m asked about metrics is whether organizations should share the results of who fell victim, perhaps on a ‘wall of shame’. Absolutely not; in many cases you do not even want to share the names with senior management. Here are several reasons why. First of all, everyone will eventually fall victim to such an …

Reposted from SANS.