-
-
Subscribe by Email
Categories
-
Recent Posts
Archives
Author Archives: Steve Addison
If You’re Going to Use PowerPoint
If you’re going to use PowerPoint to present security awareness training to a class of students, or perhaps to make a business case to your senior management, here are some suggestions from Seth Godin about how to make the best … Continue reading
Posted in Education
Leave a comment
Don’t Get Bogged Down in “How To”
When creating security awareness training materials, it’s tempting to explain to students exactly how they should scan a file for viruses, the steps to take to check an SSL certificate, how to examine the headers of an email … Don’t. … Continue reading
Posted in Education
Leave a comment
The Wrong Content – 5 Reasons Why Security Awareness Training Programs Fail – Part 1
In my experience, one of the most common ways that security awareness training programs fail is that the content of the awareness/training materials is wrong for the target audience. The mention of the audience is important here – what’s appropriate … Continue reading
Posted in Education, Information Security
2 Comments
Awareness, Training, and the Four-Stage Learning Model
In some guidance documents (e.g., NIST SP800-16), you’ll find a distinction drawn between “awareness” and “training” even though most of us use the words together when talking about education of end-users. There’s actually a good theoretical basis for differentiating between … Continue reading
10 Laws to Mention in Your Acceptable Use Training
If you’re developing an “Acceptable Use of IT Resources” training course (or even developing the policy itself), this blog post from TechRepublic is a very useful reference. It discusses 10 of the laws that apply to computer users (in the … Continue reading
Posted in Information Security
Leave a comment
5 Reasons Why Security Awareness Training Programs Fail
All too often, I hear about security awareness training programs that fail. Here are some of the reasons that I hear: The information that they contain is inappropriate for the audience (usually far too complex). The presentation of the … Continue reading
Posted in Education, Information Security
2 Comments
Security Awareness Training for Call Center Reps
Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and bank account details; and, in some cases, health information. This means that they need to comply with an increasing … Continue reading
Posted in Compliance, Education, Information Security
Leave a comment
H1N1 and Snowstorms – Training for Teleworkers
In a blog posting entitled “H1N1 and telework,” Akamai’s Senior Director of Information Security and Chief Security Architect, Andy Ellis, writes that: [H1N1] affects us in the workplace. If an employee has a small child and they don’t have a … Continue reading
Posted in Education, Information Security
Leave a comment
Security Problems with Acrobat and PDF Files
PDF documents are no longer the security panacea we thought they were. And security awareness training needs to catch up with this. For years, IT and security professionals have been advising people to distribute documents in PDF format rather than … Continue reading
Posted in Information Security
Leave a comment
Social Engineering Using Facebook
Banning social network use DOESN’T prevent it being used for social engineering attacks. An excellent article in Dark Reading describes how a security consulting company carried out an (authorized) social engineering attack on a client using information gleaned from Facebook. … Continue reading
Posted in Information Security
1 Comment