Author Archives: Steve Addison
Cloud Computing is a Security Awareness Issue

Whether or not your organization is officially looking into cloud computing as a potential business tool, chances are that your employees are already using cloud-based applications without you knowing about it. Cloud-based applications are already widely used – some … Continue reading
Posted in Information Security
Don’t Forget PowerPoint for Your Security Awareness Training

If you’re planning your online security awareness training content development strategy, don’t forget PowerPoint. Much maligned as a web-based training tool, it should still have a place in your toolkit for when you need to develop quick and simple training … Continue reading
Posted in Education
Don’t Let Your Helpdesk Help the Wrong People!

Here’s a blog post by Simon Herring of Ubersecure which describes how (during an authorized penetration test) he was able to “persuade” a helpdesk agent of a large company to reset his password by pretending to be a salesman in … Continue reading
Posted in Education, Information Security
Requesting Your Suggestions for Cosaint’s 2011 Refresher Training Course

In a blog post last year – The Second Year and Beyond – I described how we recommend the use of a refresher course to fulfill the annual training requirement of regulations such as HIPAA, GLBA, PCI DSS … Using … Continue reading
Posted in Education, Information Security
Not Enough Time – 5 Reasons Why Security Awareness Training Programs Fail – Part 4

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.
Posted in Education, Information Security
Too Expensive – 5 Reasons Why Security Awareness Training Programs Fail – Part 3

You have the right subject matter, and a sound plan for presenting your materials. But, like it or not, cost is a major consideration when putting a security awareness training program in place. Initial price is often the thing people … Continue reading
Posted in Education, Information Security
‘Tis the Season for … Hoaxes and Scams

It’s that time of year again – when fraudulent and nuisance emails, and online hoaxes and scams start making the rounds even more quickly than usual. Sophos has posted a warning about one such hoax spreading rapidly on Facebook where … Continue reading
Posted in Education, Information Security
6 Easy Steps to Outline Your Web-Based Security Awareness Course

In an earlier post, we talked about how to create the outline for a security awareness training session to be presented in a classroom, or a staff meeting, or online as a webinar. In this post, we’ll look at how … Continue reading
Facebook Security

If you’re concerned about security and privacy on Facebook (and you should be), go to the official Facebook security page and click on ‘Like’ to receive updates and suggestions about how to protect your personal information. Here’s the link: http://www.facebook.com/security … Continue reading
Posted in Information Security
The 90-9-1 Principle of Collaborative Content Generation

It’s not a new idea, but I was recently reminded of the 90-9-1 principle which seems to describe – pretty accurately – the participation rates of people signed up for an online discussion group or wiki or forum.
Posted in Education




