Push the Button: Making Security Training Fun and Interactive As humans, we are all constantly trying to find the signal in the noise. Unfortunately, the topics and behaviors that we, as corporate security trainers, are trying to explain, teach, and reinforce are often seen as noise to those whom we are targeting. Therefore, to achieve our goals we need more than pertinent information and slick graphics; we need to find ways to stand out, capture people's attention, and find a way to cement our desirable security behaviors with positive associations. An effective strategy to stand out, make your message more memorable, and to build a positive reputation for your security team is to incorporate interactive exhibits and activities in your security training program. 1 Jun 2019 :: Security :: #human factors #training #security awareness #journal article
Encryption in the Hands of End Users Organizations are increasingly investing in encryption capabilities. One form of encryption that is seeing increased deployment is end-user managed encryption; however, such deployments present many challenges for the enterprise. Such tools typically lack centralized management and control capabilities, either forcing or allowing users to make security decisions on their own. This makes monitoring and enforcement of proper usage difficult and leaves doubts over whether users are using encryption properly, if at all. In addition, monitoring and data loss prevention tools are often rendered mute because most solutions lack escrow and security infrastructure integration. In this article we will discuss some of the challenges and risks in deploying end-user managed encryption and will also evaluate alternative centralized solutions and their benefits. 1 May 2016 :: Security :: #encryption #human factors #zip #siem #journal article
The effect of acquisition decision making on security posture The purpose of this paper is to examine the effectiveness of decision making in IT acquisition and security, and the disparity between the two domains. The paper postulates that improving decision processes during acquisition increases decision makers' security consciousness and security posture.. Analysis suggests a significant positive correlation between the effectiveness of acquisition decision making and organizational security posture and attitudes, further suggesting that small improvements in acquisition decision making may result in substantial improvements in an organization's security posture. 1 Dec 2012 :: Security :: #human factors #aquistion #journal article
Commentary on the Seven Deadly Sins of Network Security …to be the major mistakes or misjudgments made by IT administrators when evaluating, planning, and performing security activities. While the author focuses his 'seven deadly sins' on network security, they are certainly applicable to enterprise security in general. The first sin is… 18 Dec 2008 :: Security :: #networking #firewalls #patches #human factors #verizon