Sam Carter, CISSP, President of elcinfosec (formerly eLearningCorner, LLC) built our course management system and helped Native Intelligence grow from a speck of dust to a viable company.
In 1999 I prepared a 90-minute presentation for a security educator’s conference. It was my first professional presentation and I was eager to do well. I had rehearsed for days with a stack of note cards, a tape recorder, and a stop watch, and finally, I was prepared to face a live test audience: my mother.
The U.S. Army's Redstone Arsenal gave away more than 200 security awareness posters at their recent sixth annual TROD, or Team Redstone OPSEC Day (2018). Morris Burbank contacted us to ask about supporting the even, which was conceived in 2012 when the National OPSEC was cancelled because of budget constraints. Mr. Burbank and two other OPSEC officers on post got together in February 2013 to generate ideas and in August of that year the inaugural event took place.
Last Friday, May 25, was the deadline for the European Union’s General Data Protection Regulation (GDPR). This regulation is what's behind all those privacy and "terms of service" updates you've been getting from apps and online businesses. Companies who don't comply are risking fines which can be at least 4% of their worldwide annual revenue. Facebook has already received a 4.5 billion dollar lawsuit.
Security tool: Rounds and Stops wins for Security Awareness Motivational Item at the 31st Annual FISSEA Conference, held at NIST in Gaithersburg, MD on March 14-15, 2018.
Most security awareness materials are designed to reach as many people as possible – inspirational videos, compelling phishing training, or clever posters and banners. But what is lacking is a personal connection – something that makes the individual feel that their personal behavior is being noticed (for better or for worse).
Each year, the Federal Information System Security Educators' Association (FISSEA) sponsors a conference and a contest for security awareness and training materials. 2018 is the 31st annual conference. This year's theme is "Hardening the Human: The Power of Cybersecurity Awareness and Training." The two-day conference is held at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland.
In "100 Things Every Designer Needs to Know About People," Dr. Susan Weinschenk shares the secrets of making learning stick and getting a response from people. Her techniques combine behavioral science, psychology, and practical examples. Here's a short teaser with five secrets to a great presentation that can be applied to security awareness.
The librarian is the person who organizes the Human Library event. The librarian recruits and interviews book candidates, then prepares a short description of the books for readers. The librarian may also provide readers with questions to get the conversations started.
Contests are a good way to motivate people. This article presents 14 ideas for security awareness contests and touches on the 3 P's of contests: Planning, Prizes, and Promotion. A contest can be a simple prize draw or a competition with rules for entry and criteria for winning.
Equifax, one of the big three consumer reporting bureaus made headlines in 2017 when it disclosed that it had been hacked. The breach impacted as many as 143 million Americans as well as Canadian and British citizens. A single employee could have prevented this breach
Measure internal user activities and determine which behaviors are good, bad, and ugly.
One of the right security metrics questions is, "What's the greatest threat to security at your organization?" (My friend Joe, who works at a large bank, answers: "Management.")
Metrics can be misused and abused. A survey by the Robert Frances Group reported that only 40 percent of the people they asked felt that their IT security measurement practices were effective.
How you answer these questions can shine a light on how effective your security awareness program is. Would your employees recognize a security incident? Would they know what to do about it?
Sometimes it takes an outsider, a security breach, or even a disaster, to get management to see that the program has become stuck and no longer reacts to potential incidents.
At the 2017 FISSEA Conference on June 19, Native Intelligence, Inc. won several awards. We won the contest for best security awareness poster and best motivational item. We also won three peer's choice awards: best poster, best motivational item, and best security training scenario.