Security Awareness

Management of technical vulnerabilities

Published on 10 April, 2013 - 11:47 by annieboulanger information security, management, Security Awareness, technical vulnerability management, Planning
By Patrick Paradis, Information Security AdvisorTechnical vulnerabilities are weaknesses in operating systems or software. Exploiting a vulnerability can allow an attacker (e.g. a hacker) or malicious code to increase their access privileges in order to perform malevolent acts.It is therefore important to install security patches (software updates) as soon as possible to eliminate existing vulnerabilities.For individuals, it is recommended to enable security patches to be installed...

Using Gaming to Learn

Published on 4 April, 2010 - 08:44 by Terranova Courses, Games Based Learning, interactive video game, Security Awareness, security awareness training, Simulation Training, video game learning, News
A recent article in Frobes on Women Gaming made some interesting links to not only gender based learning but also how we learn and develop skills as individuals. http://www.forbes.com/2010/03/25/women-gaming-video-forbes-woman-time-online.html The concept of gaming is becoming more accepted in business where it functions as a superb training and operations tool. Videogames are now being used for collaboration and brainstorming as well as performance evaluation. Games based learning is proving...

HIPAA and data security breaches on mobile devices

Published on 13 March, 2010 - 21:23 by Terranova data breaches, HIPAA, mobile devices, Security Awareness, News
According to American Medical News in the February 22 edition of their newspaper, one-third of health professionals store patient data on laptops, smartphones and USB memory sticks and only 39% of health care organizations encrypt data on mobile devices. Provisions in the federal stimulus package have tightened HIPAA notification and enforcement regulations and have made HIPAA violations more costly. For example, the maximum civil penalty from the Dept. of Health and Human Services for a...

How to win a gold medal with your security awareness program

Published on 15 February, 2010 - 14:56 by Terranova awareness, communication, Security Awareness, Marketing and Communications, Planning
To win the gold...a corporate security awareness program aims to make all the employees understand and appreciate not only the value of the company's information assets but also the consequences in case these assets are compromised. In theory, the process is straightforward and painless. But as every IT/security manager knows, in real life, an awareness program can be a huge headache - especially in a large enterprise. How do you plan correctly when implementing a security awareness program?...

Learning to tie your shoes

Published on 14 December, 2009 - 15:06 by Terranova awareness, reinforcement, Security Awareness, skill deficiency, training plan, Planning, Reinforcement Tools
I purchased a new pair of runners for my 7 year old and these had laces. I had taught him to tie his shoes in Kindergarten but with most of the shoes and boots having velcro, I did not realize that the lesson taught in Kindergarten did not stick. I was both shocked and dismayed to realize that my Grade 2 child did not know how to tie his shoes! As a parent I also had that wonderful "guilt" feeling that goes along with realizing that I probably didn't do a very good job initially as I was in a...

How much training is enough?

Published on 3 September, 2009 - 22:02 by Terranova competency, effective training, job role, Security Awareness, training, News
Is there really an answer to this? Does it not depend upon the product and the individual learner?   Quite likely, the only real answer to this question is to determine the amount of training that is necessary by reviewing the corporate security policies and determining what is critical from a security perspective and what is not. Typical physical security training is about a minimum of 40 hours of training per core competency. This however, could be overkill if the individual's role is not...

To tweet or not to tweet

Published on 4 June, 2009 - 22:47 by Terranova security, Security Awareness, social engineering, social media, News
For anyone out there experimenting with Twitter, you are probably aware that with so few characters to use to tweet, you eventually need to look at using a Short URL service to direct your followers to what you want them to read or see.These Short URL services are great and guess what... they are free!  This seems great until you start thinking about potential security risks.  For companies with employees that are sneaking in a few tweets a day at work, those security issues could become a big...

A changing workforce requires a new approach

Published on 29 May, 2009 - 09:01 by Terranova contract workers, policy, security, Security Awareness, testing, News
The business world is rapidly changing. The way we conduct business will continue to evolve. The younger workforce graduating will be accustomed to working on a contractual and evolving basis without having the regular work hours the past generation was used to or the loyalty to a company that past generations had. Outsourcing and contract workers will become the norm as businesses adjust to the growing global demands of its clients and as new and changing skill sets are demanded and required...