Read Ryan Francis take a look at whether third-party security awareness training work on CSO Online :
Being a security company, Rapid7 has to take special interest in making sure its 1,000 employees do not succumb to phishing and the like. At a recent CSO50 conference, speakers discussed their security awareness training.
Read Bob G. Stasio explains why companies need to build capacity to fight cyber threats on Dark Reading :
With the rapid rise, frequency, severity and cost of cyber attacks, many companies today are looking to the government military intelligence industry for the skills, talent and experience to run their security operations center.
CEOs are often the busiest people in any organization. As security professionals, we should respect that: but what can we do when our CEO won’t take security awareness training?
This is not uncommon but it can be a hard nut for security professionals to crack. We probably don’t top many lists of best for human empathy, and that combined with the full schedules of a typical CEO means things can become (mutually) frustrating. However, there are some great arguments for getting everyone in an organization – be they high or low – to take security awareness training.
As I discussed yesterday, a recent survey by KPMG of the CEOs of over 1,200 businesses shows that many firms are woefully unprepared to address cyber attacks.
After the report was issued, I spoke with Malcolm Marshall, Global Head of Cyber Security at KPMG, and asked him what areas of weakness he and his team have observed in firms that already have cybersecurity plans and technology in place (for those that do not yet, please see this article), and what CEOs should be doing now to better protect their firms.
Read the interview with Malcolm Marshall, Global Head of Cyber Security at KPMG, who talks about the 8 cyber security mistakes businesses make and how to fix them on Inc.
While traditional manufacturing industries were not designed with security in mind, the proliferation of networks and devices, disparate communication channels, and the use of off-the-shelf software has thrust cybersecurity into the spotlight.
Safety and security concerns associated with the high levels of connectivity and integration are surfacing as the concept of the Internet of Things (IoT) takes shape in the industrial networks and manufacturing plant floors. The alarming frequency of sophisticated and targeted advanced persistent threats has given further weight to the safety argument across both process and discrete industries.
Read why industrial security awareness remains at a abysmal low on Help Net Security.
In this article, we will learn how we can achieve PCI-DSS compliance through security awareness training. We will also discuss some of the requirements of PCI-DSS that depend completely on end-user responsibilities and security awareness.
Due to lack of education and awareness about payment security, employees often leave security holes in their developed applications by not following best security practices in coding, picking up weak passwords, and sharing company information on public and social platforms.
Read on how to achieve PCI compliance through security awareness training on Resources Infosec.
Your organization may already have security training and awareness (STA) program, or (this is less likely nowadays) you may have to build one from scratch.
This is a checklist of the policies that should underpin a successful STA program. When building up a team (or virtual team) to meet requirements, it can be useful to identify the types of skills needed to help meet objectives. So where possible, I have identified the professions I believe would be most useful to help with each step.
Read more about the security awareness and training policy checklist on Infosec Institute.