Category Archives: Education
Security Awareness and Climate Change – Scaring People is Not the Right Approach

Far too many security awareness training programs start with a series of horror stories about hackers and identity theft, lost money and damaged reputations, privacy breaches and deleted computer files. Before long, the average student starts to tune out – …
Posted in Education, Information Security
1 Comment
Engaging Your Staff in Security Requires Leadership – Not Free Coffee Mugs

Over the years, I’ve heard a lot about how important it is to ‘engage’ staff in information security, but very little about how to do this in practice. And what little advice I see seems to be limited to providing …
Posted in Education
Don’t Forget PowerPoint for Your Security Awareness Training

If you’re planning your online security awareness training content development strategy, don’t forget PowerPoint. Much maligned as a web-based training tool, it should still have a place in your toolkit for when you need to develop quick and simple training …
Posted in Education
Don’t Let Your Helpdesk Help the Wrong People!

Here’s a blog post by Simon Herring of Ubersecure which describes how (during an authorized penetration test) he was able to “persuade” a helpdesk agent of a large company to reset his password by pretending to be a salesman in …
Posted in Education, Information Security
Requesting Your Suggestions for Cosaint’s 2011 Refresher Training Course

In a blog post last year – The Second Year and Beyond – I described how we recommend the use of a refresher course to fulfill the annual training requirement of regulations such as HIPAA, GLBA, PCI DSS … Using …
Posted in Education, Information Security
Not Enough Time – 5 Reasons Why Security Awareness Training Programs Fail – Part 4

I’ve seen a number of security awareness training programs run into problems when the designers of the program didn’t take into account the limited time that students have. Here are some things to think about when planning your program.
Posted in Education, Information Security
Too Expensive – 5 Reasons Why Security Awareness Training Programs Fail – Part 3

You have the right subject matter, and a sound plan for presenting your materials. But, like it or not, cost is a major consideration when putting a security awareness training program in place. Initial price is often the thing people …
Posted in Education, Information Security
‘Tis the Season for … Hoaxes and Scams

It’s that time of year again – when fraudulent and nuisance emails, and online hoaxes and scams start making the rounds even more quickly than usual. Sophos has posted a warning about one such hoax spreading rapidly on Facebook where …
Posted in Education, Information Security
6 Easy Steps to Outline Your Web-Based Security Awareness Course

In an earlier post, we talked about how to create the outline for a security awareness training session to be presented in a classroom, or a staff meeting, or online as a webinar. In this post, we’ll look at how …
The 90-9-1 Principle of Collaborative Content Generation

It’s not a new idea, but I was recently reminded of the 90-9-1 principle which seems to describe – pretty accurately – the participation rates of people signed up for an online discussion group or wiki or forum.
Posted in Education