Category Archives: Information Security
Security Awareness and Social Networks: Why You Should Care, and What You Should Teach

You might have been avoiding it until now – thinking that social networking (Facebook, MySpace, LinkedIn …) is just a passing trend, or it’s only used by teenagers, or people only use it to exchange photos and jokes. But, if …
Posted in Education, Information Security
1 Comment
Poor Delivery – 5 Reasons Why Security Awareness Training Programs Fail – Part 2

You can have the best content in the world – well-written and illustrated, perfectly aimed at your target audience … – and your program will still fail if the delivery is poor. Whether it’s a boring presentation in the classroom, …
Posted in Education, Information Security
1 Comment
The Wrong Content – 5 Reasons Why Security Awareness Training Programs Fail – Part 1

In my experience, one of the most common ways that security awareness training programs fail is that the content of the awareness/training materials is wrong for the target audience. The mention of the audience is important here – what’s appropriate …
Posted in Education, Information Security
1 Comment
10 Laws to Mention in Your Acceptable Use Training

If you’re developing an “Acceptable Use of IT Resources” training course (or even developing the policy itself), this blog post from TechRepublic is a very useful reference. It discusses 10 of the laws that apply to computer users (in the …
Posted in Information Security
5 Reasons Why Security Awareness Training Programs Fail

All too often, I hear about security awareness training programs that fail. Here are some of the reasons that I hear: The information that they contain is inappropriate for the audience (usually far too complex). The presentation of the …
Posted in Education, Information Security
2 Comments
Security Awareness Training for Call Center Reps

Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and bank account details; and, in some cases, health information. This means that they need to comply with an increasing …
Posted in Compliance, Education, Information Security
H1N1 and Snowstorms – Training for Teleworkers

In a blog posting entitled “H1N1 and telework,” Akamai’s Senior Director of Information Security and Chief Security Architect, Andy Ellis, writes that: [H1N1] affects us in the workplace. If an employee has a small child and they don’t have a …
Posted in Education, Information Security
Security Problems with Acrobat and PDF Files

PDF documents are no longer the security panacea we thought they were. And security awareness training needs to catch up with this. For years, IT and security professionals have been advising people to distribute documents in PDF format rather than …
Posted in Information Security
Social Engineering Using Facebook

Banning social network use DOESN’T prevent it being used for social engineering attacks. An excellent article in Dark Reading describes how a security consulting company carried out an (authorized) social engineering attack on a client using information gleaned from Facebook. …
Posted in Information Security
1 Comment
URL Shortening as a Security Threat?

Most of us are familiar with URL shortening websites such as bit.ly, tinyurl.com, and is.gd. It’s one of the technologies that’s fuelling the explosive growth of social networks such as Twitter – after all, 140 characters isn’t a lot of …
Posted in Information Security