Access "Security Awareness Employee Training Essential to Infosec Program"
This article is part of the June 2008 issue of Five crucial virtualization do's and don'ts
Nothing circumvents pricey defense-in-depth faster than people; educating workers about security is essential. It's one of the hardest jobs a security officer has: teaching users about security. How do you grab an employee's attention during a busy workday? How do you get them to remember, let alone listen, about the need to create strong passwords and to be cautious when opening email attachments? To deal with this dilemma, Lynne Pizzini pulls out her bag of tricks--literally. In training presentations at Blue Cross and Blue Shield of Montana, she incorporates magic. One of her tricks uses colored scarves to illustrate the importance of strong passwords and the different elements that go into them; the result is a single, multi-colored scarf. Another trick aims to get employees to understand that they, with all their access to data, pose the greatest security risk. Pizzini displays cards that illustrate seven security risks discussed in the presentation and shuffles them face down, however many times a participant indicates. Then Pizzini spells out "right" ... Access >>>
Premium Content for Free.
Virtualization server security best practices
by Thomas Ptacek
Avoid server virtualization security bad practices with these dos and don'ts. Get info on virtualization products, segmentation, implementation, avoiding malware, and staging, deploying and patching virtual machines, segmentation and implementation.
Product review: Credant Mobile Guardian 6.0
Product review: Klocwork Insight 8.0
Embedded Security Safeguards Laptops
Tech Focus: Secure From Within
Security Awareness Employee Training Essential to Infosec Program
Security awareness training initiatives such as online tutorials, newsletters, MP3s and prizes get the security message across to users.
- Virtualization server security best practices by Thomas Ptacek
Spam Blockers Losing Ground on Sophisticated Attackers
SPAM Spam hasn't been "solved"; in fact, the scourge has grown worse as attackers continually trump countermeasures and refine their focus on high-value targets.
Product review: Mu-4000 Security Analyzer
Product review: Array Networks SPX2000
Security Services: QualysGuard Security and Compliance Suite
At Your Service
GRC Tools Help Manage Regulations
GOVERNANCE, RISK AND COMPLIANCE We look at three GRC products and the distinct ways these tools can help organizations navigate the complicated regulatory game.
- Spam Blockers Losing Ground on Sophisticated Attackers
CISOs Must Innovate to Enable Business
Editor's Desk: Be an Enabler
Architect Security and Compliance Programs to Be Complementary
Perspectives: Shake On It
Address Authentication and Transaction Validation Protocols to Stem Identity Theft
Layer8: Tarnishing Good Names
Interview: Financial Services CISO David Pollino
CISO Uses Predictive Analystics to Bolster Risk Management Program
- CISOs Must Innovate to Enable Business
More Premium Content Accessible For Free
FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure ...
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...