Through our partnership with REN-ISAC and SANS*, MOREnet is able to obtain bulk discounts on SANS training for all our members. The End User training consists of short, high-quality video clips that are easily understandable and pertinent to situations that staff may encounter. You can see a list of the modules at http://www.securingthehuman.org/services/demo-training-lab.
Top Seven Human Risks (SANS) Addressed by Securing the Human Training:
- Poor password security
- Patching / updating
- Mobile devices
- Sharing too much on social media
- Not realizing you are a target
- Accidental data loss / exposure
The SANS Securing the Human 2016 Security Awareness survey uncovered two key findings:
SUPPORT IS ESSENTIAL: Security awareness teams are not getting the support they need to be successful. Over 50% of awareness personnel surveyed have a budget of $5,000 or less or don’t know what their budget is. Less than 15% of awareness personnel are dedicated full-time to their job. While this is an improvement from last year’s 10%, we are concerned that is still too low. In fact, 64% of people reported spending less than a quarter of their time on awareness. Finally, 35% report not having the executive support they need. Why is all of this important? Because the data shows a strong relationship between the amounts of support you have and the maturity of your security awareness program. We need to do a better job of educating leadership that security cannot be solved by technology alone; it must also address the human factor. Key steps to achieving this include demonstrating to leadership that you have a proven roadmap to creating a secure culture and the metrics to show leadership the impact your program is having.
SOFT SKILLS ARE LACKING: Last year, we reported that soft skills are lacking in security awareness personnel. By soft skills, we mean skills such as communications, change management, learning theory, and behavior modeling. The data told the same story this year: over 80% of security awareness personnel have a technical background, with skills such as debugging network traffic, building websites, or securing a server. However, this also means that many security awareness teams don’t understand the proven concepts and techniques in changing behavior and culture. In addition, we identified communications as one of the key soft skills lacking. By communications, we mean engaging employees with a meaningful message, delivering the right content to the right people, leveraging multiple communication methods, and building a roadmap that pulls this all together. One successful approach is embedding someone from your communications department into your security team. A second option is to train your awareness team on the new skills they will need. A third option is to contract or hire someone with strong soft skills. Long story short, you not only need security expertise on your awareness team, but you need soft skills, starting with communications.
Security awareness is hard. Today’s security awareness teams don’t have the support, time, and resources they need to be successful and/or are missing the skills and experience to effectively engage and train their organization. The rest of this report is dedicated to better understanding these two challenges and their different solutions. At MOREnet, we're here to help. Simply email email@example.com for more information on our cyber security operations team.
**Summary from The SANS Securing The Human 2016 Security Awareness survey. To read/access the entire survey, click here: https://securingthehuman.sans.org/media/resources/STH-SecurityAwarenessReport-2016.pdf
Additional Securing the Human Resources: https://securingthehuman.sans.org/resources
Contact firstname.lastname@example.org with your request.