In our article, "The 7 Elements of a successful awareness program," we identified the first and most critical element was obtaining C-level support. Such support is critical for the success of just about any organizational effort. Their support brings organizational buy-in and authority for your efforts. You can get other departments to support your efforts. While you will still meet some resistance, it is easier to overcome or bypass. Most importantly, you get more funding to put together a respectable awareness program.
Ira Winkler and Samantha Manke |
22 Jul |
Read more
Recently, we have been called in to help companies handle attacks from the Syrian Electronic Army (SEA). Our first priority is to help contain the damage, figure out which accounts have been compromised that have not been used yet to cause damage, and clean things up.
Ira Winkler and Samantha Manke |
03 Feb |
Read more
One of the reasons many security awareness programs fail is that they rely on a "push" mentality, where they force employees to take awareness training and expect or, more likely, hope that employees will seek out additional training, because it is the right thing to do. While many there are programs that do this that are successful, they are relatively rare.
Ira Winkler and Samantha Manke |
02 Dec |
Read more
Useful and legitimate metrics have long evaded the information security community as a whole. Without proper metrics, you cannot truly prove the value of a security program. This makes it difficult to justify increasing the budget and even maintaining the budget that you have.
Ira Winkler and Samantha Manke |
23 Oct |
Read more
There is a great dichotomy in Security Awareness. Just about all of the CSOs we talk to believe that one of their top priorities is to improve their organization's security culture -- in other words, the behavior of their users. Similarly, we see article after article and study after study talking about how humans are the primary attack vector for advanced attacks. Some studies indicate that human exploitation is the key enabler in as many as 90 percent of attacks. Buzzphrases, such as protecting and attacking "Layer 8" have emerged.
Ira Winkler and Samantha Manke |
10 Jul |
Read more
A list of action items for CSOs looking to bolster their security awareness programs.
Ira Winkler and Samantha Manke |
01 May |
Read more