Pushing the Envelope on Data-Driven Security Awareness Mark T. Chapman CFE CISSP CISM CRISC

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Pushing the Envelope on Data-Driven Security Awareness Mark T. Chapman CFE CISSP CISM CRISC"

Transcription

1 Pushing the Envelope on Data-Driven Security Awareness Mark T. Chapman CFE CISSP CISM CRISC Presentation Overview The Importance of Perspective. The diagram at the right represents the four perspectives of an effective information security awareness program. Risk Based Continuous Improvement. October 22 & 23, 2014 Disney s Contemporary Resort Orlando, Florida US #ISSAConf Follow a program from basic to advanced levels. Identify key activities, common problems, and success. Share Stories Use real Stories from the Trenches based on redacted real-world examples. Basic Level Just Get Started Program How to win executive sponsorship, approval and funding? How can I do this while doing my real job? Can we mimic another successful program? Training Should we only start with compliance-related training? How do we get people to actually take training? Attacker Does the organizational culture and environment support testing? How to effectively communicate the intentions and results? How sophisticated should the mock-social engineering tests be? Employee How do we get employee feedback? Can we get an online feedback form or suggestion box? 1

2 2

3 Integrating the Training and Attacker Perspective Mock Spearphishing Test Company sends fake phishing s to employees to see who clicks on suspicious links. Online Training Videos or Games When a user clicks, they are told what they did wrong, and the system uses the Teachable Moment to direct the user to online training. Rinse and Repeat? What measurable effect does this process have on your information security posture? Intermediate Level Establish Credibility Hypothesis-Based Testing Parameters Program How to define the scope and measure the success of the program? How to make sure the program is relevant? How to formally plan the next steps? Training What kind of training is best? In person? Computer-based? Beyond training records, how to measure success? Does it work? How to leverage other perspectives to provide better context? Attacker Are we always starting with an objective or hypothesis? Could the results lead to concrete actions beyond just training? Are we truly simulating the attacker perspective? How do we know? Employee Can we use risk-based survey techniques to improve? What have we learned that is or is not effective? Have there been any surprises? Define your hypothesis BEFORE you design or run your tests. Identify potential actions based on proving or disproving the hypothesis. It does not matter if you are right or wrong, if you knew the answer before testing then why test? Be sure your hypothesis helps improve the credibility of your program. 3

4 Hypothesis-Based Intermediate Examples Hypothesis: Users will not share data. Users will not enter sensitive data on unauthorized web forms. Users are less likely to click on unsubscribe links than on other links. Users are more susceptible to sophisticated phishing attempts. Users are more likely to respond in their native language. Our training program reduces susceptibility to phishing attacks and the results last for at least six months. Be sure to plan ahead! This could be a good source to drive additional campaign activity. It also may be something that should not be collected due to privacy laws. Hypothesis: Users will notice subtle changes. Hypothesis: Sophisticated=Dangerous? Example Result: At a ratio of 1.5:1, users were more likely to click on the less sophisticated message. Although whitelisting removed this variable, the less sophisticated messages had a lower spam score and are more likely to be delivered without whitelisting. Can this type of test help credibility? 4

5 Hypothesis: Native Language. Example Result: In Brazil, the click-through rate was essentially identical between English and Portuguese. Also, it was an almost exact match with the click-through rate of Spanish Speakers who received the English message. The outlier is the significantly lower rate of Spanish Speakers who received the Spanish message. unsubscribe LINK Example Result: Out of the users who clicked, it was a 1:1 ratio of clickers vs. unsubscribe clickers. How would you use this information? What could go wrong? UNSUBSCRIBE LINK Actionable Results Approximately 50% of all engagement activities were for users clicking the unsubscribe button vs. clicking on other links, viewing images, or replying to an . If users feel it is safe to click on unsubscribe links, the organization may be exposed to similar threats as any other click-through behavior. Share the preliminary results with users that about half the time a user clicks on a suspicious link, it is of the unsubscribe variety. Train on the importance of ignoring unauthorized unsubscribe links. Future campaign idea: Consider performing a test where an unsubscribe link would provide a form for users to enter their address. Only after actually submitting the unsubscribe form would a You ve been phished and training message follow. Out of Office - Information Disclosure 5

6 Out of Office Another Perspective Intermediate Level Risk Based Surveys 6.2% of the outbound campaign s received out of office notifications which disclosed information about the people, coworkers and the organization. The information gathered through out of office notifications may enable an attacker to perform more advanced social engineering or other attacks against the people or organization. Configure the systems to not allow out of office notifications to be sent outside the organization or to unknown addresses unless there is a specific business reason to do so. Train users to limit the amount of information shared within any out of office notification. Look for other ways to share the detailed information in a controlled manner such as an Intranet site. Intermediate Level Risk Based Surveys Advanced Level Make a Difference Program Can we positively impact our overall security posture? Can we admit when something isn t working and fix or abandon it? Is it an integrated riskbased continuous improvement process? Training Are we targeting the right training to the right people based on risk? Can advanced training techniques make a difference? Can we leverage the context of actual realtime risk-based events? Attacker Can test planning and results be based on big data risk analytics? Are all tests and results integrated with the infosec program? Can we leverage the context of actual realtime risk-based events? Employee Are we tied into other risk-related programs? Is there a way to measure real-time in the context of events? Are people wanting to mimic our effective program? 6

7 Voice Testing Scenarios 1. Send an or SMS with instructions to Call and enter code 4732 to see if you are a winner. 2. Traditional vishing, with an auto-dialer calling to say Cross-Platform Attack Simulation Send a text message with a link. Have the landing page be a full-screen emulation of the login screen. Do users attempt to unlock their phones? (Be careful to not actually collect passwords.) This is the IT Department, we have seen a problem with your machine, press 1 to let us remotely access your computer. SMS as an Attack Vector SMS text messaging may be an underestimated threat vector. Recommendations: Instruct employees of the dangers of interacting with mobile messaging both from a technical and non-technical perspective. Consider extending, implementing, and validating SMS-specific antispam controls on company-owned mobile devices. Ensure that anti-virus, web-content filtering and similar controls apply to the company-owned mobile devices. The theme for this campaign was an imaginary joke of the day subscription service. The campaign sent an SMS message to each user indicating they subscribed to a daily joke service. The message invited users to unsubscribe by replying to the message with the word bummer or by clicking on a web link that was unique to them. If a user clicked on the link, the landing page simply accepted the unsubscribe request. Did more people Reply or Click? Out of those who replied, how many followed the directions? 7

8 Click-Through (Failure) Rate SMS Click or Reply Users who responded were approximately 2 to 3 times more likely to reply to the SMS than to click on the link. Attackers may exploit consistent behavior in cross-channel attacks to thwart controls that focus on a single vector. Consider future campaign designs to evaluate other likely cross-channel social engineering attack vectors. Following Arbitrary Unauthorized Instructions People who replied to the message precisely followed arbitrary unsubscribe instructions 91% of the time. By itself, the potential business impact of following the unsubscribe instructions for this campaign were minimal. The bigger potential concern builds on PhishLine.com aggregate industry data that indicates once a user starts engaging in any stage of a campaign they are more likely to perform all steps. Encourage users to ignore arbitrary instructions received from an untrusted or unverified source. Consider future campaign designs to exploit the vulnerability associated with the concept of compliance to specific arbitrary instructions combined with the concept that once a user starts interacting with one step in a campaign, they are likely to continue. For example, ask users to perform some innocuous task just to get them engaged or distracted before making additional less-innocuous requests. Repliers Who Precisely Followed the Arbitrary Instructions Other Response 9% Arbitrary Instructions Followed 91% How to test the effectiveness of Security Awareness Training Day Test random sample before training. Test another sample the day after training. Test 1,2,3 weeks after training to see when it wears off. The Effects of Training Day on Click Through Rates 18.0% 16.0% 14.0% 12.0% 10.0% 8.0% 6.0% 4.0% 2.0% 0.0% Pre- Test Week 0 Week 1 Week 2 Week 3 Week 4 Hypothesis 15.7% 2.5% 2.6% 2.9% 3.4% 8.9% Actual % 15.5% 15.1% 15.9% 15.3% 15.6% Actual % 4.5% 4.9% 4.6% 4.8% 5.0% Did training work? The campaign results did not show that those who took the offered training (17.8%) were less susceptible to new campaigns vs. those who did not take the training (15.8%) The campaign result indicated that the supplied training made no significant difference. Repeat the test with other training content and methods to see if there is a difference. 8

9 What can go wrong? Emotional Responses The dangers of focusing only on clickthrough rates especially as the only metric for the effectiveness/justification of the security awareness program. Side effects of too many phishing simulations? What works? Share the results with users without overstating the scientific validity of the test. It is very powerful to share company-specific data with employees, especially if the metrics are understandable. Incorporate the results into security awareness training curriculum. The point is that people should be aware that certain times of day they may let their guard down. (See blog article Escape Click-Through-Rate Captivity at Five-Second Rule Conclusions The Importance of Perspective. We reviewed 4 perspectives. Risk Based Continuous Improvement. We followed a program from basic to advanced levels. We identified key activities, common problems, and defined success with examples. Thank You! Mark T. Chapman, CFE CISSP CISM CRISC President and Founder, PhishLine.com mchapman nolinkkeef dphishline.com Share Stories Hopefully, the stories helped you gain at least one insight you can act on regardless of where your program is. 9

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks

Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Anti-Phishing Training Modules Teach employees to recognize and avoid phishing and spear phishing attacks Improve Phishing Knowledge and Reduce Susceptibility to Attack Do you already have some form of

More information

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS SIMULATED ATTACKS Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru Technical safeguards like firewalls, antivirus software, and email filters are critical for defending your infrastructure,

More information

5 Reasons Why Your Security Education Program isn t Working (and how to fix it)

5 Reasons Why Your Security Education Program isn t Working (and how to fix it) 5 Reasons Why Your Security Education Program isn t Working (and how to fix it) February 2015 Presentation Agenda 5 Reasons Your Program isn t Working 10 Learning Science Principles Continuous Training

More information

5 Reasons Why Your Security Education Program isn t Working (and how to fix it)

5 Reasons Why Your Security Education Program isn t Working (and how to fix it) 5 Reasons Why Your Security Education Program isn t Working (and how to fix it) February 2015 Presentation Agenda Importance of Secure End User Behavior 5 Reasons Your Program isn t Working 10 Learning

More information

SPEAR PHISHING AN ENTRY POINT FOR APTS

SPEAR PHISHING AN ENTRY POINT FOR APTS SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

More information

Training Employees to Recognise & Avoid Advanced Threats

Training Employees to Recognise & Avoid Advanced Threats Training Employees to Recognise & Avoid Advanced Threats Joe Ferrara, President & CEO, Wombat Security Technologies Rashmi Knowles, Chief Security Architect EMEA, RSA The Security Division of EMC Session

More information

Security Awareness Training Solutions

Security Awareness Training Solutions DATA SHEET Security Awareness Training Solutions A guide to available Dell SecureWorks services At Dell SecureWorks, we strive to be a trusted security advisor to our clients. Part of building this trust

More information

Technical Testing. Network Testing DATA SHEET

Technical Testing. Network Testing DATA SHEET DATA SHEET Technical Testing Network Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance your security posture, reduce

More information

State of the Phish 2015

State of the Phish 2015 Introduction The threat is real Phishing continues to pose a growing threat to the security of industries of every kind from financial organizations to government contractors to healthcare firms. Though

More information

7 Ways Predictive Intelligence Can Elevate Your Email Marketing

7 Ways Predictive Intelligence Can Elevate Your Email Marketing 7 Ways Predictive Intelligence Can Elevate Your Email Marketing Email is the cornerstone of digital marketing. In fact, 68% of marketers say that email is core to their business 1. With competition for

More information

EMAIL MARKETING TIPS. From Our InfoUSA Email Experts

EMAIL MARKETING TIPS. From Our InfoUSA Email Experts EMAIL MARKETING TIPS From Our InfoUSA Email Experts In order to assist you every step of the way while creating an Email Marketing Campaign, our InfoUSA Email Experts have compiled lists of their best

More information

How to select the right Marketing Cloud Edition

How to select the right Marketing Cloud Edition How to select the right Marketing Cloud Edition Email, Mobile & Web Studios ith Salesforce Marketing Cloud, marketers have one platform to manage 1-to-1 customer journeys through the entire customer lifecycle

More information

May 2011 Report #53. The following trends are highlighted in the May 2011 report:

May 2011 Report #53. The following trends are highlighted in the May 2011 report: May 2011 Report #53 The unexpected raid and resulting death of Osama Bin Laden shocked the world. As always, spammers were quick to jump on this headline, and send a variety of spam messages leveraging

More information

THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING

THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING THE THREE Es OF MODERN EMAIL SECURITY FOR PHISHING AN ACCUVANT VIEWPOINT By James Robinson, Director, Office of the CISO Attempting to keep up with the ever-changing world of cyber security threats can

More information

eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide This guide is designed to help the administrator configure the eprism Intercept Anti-Spam engine to provide a strong spam protection

More information

Social Engineering & How to Counteract Advanced Attacks. Ralph Massaro, VP of Sales Wombat Security Technologies, Inc.

Social Engineering & How to Counteract Advanced Attacks. Ralph Massaro, VP of Sales Wombat Security Technologies, Inc. Social Engineering & How to Counteract Advanced Attacks Ralph Massaro, VP of Sales Wombat Security Technologies, Inc. Agenda Social Engineering DEFCON Competition Source of Problem Countermeasures Social

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

BES T PR AC TICES GUIDE EMAIL MARKE TING Learn How to Get (and Keep) Email Permission

BES T PR AC TICES GUIDE EMAIL MARKE TING Learn How to Get (and Keep) Email Permission BES T PR AC TICES GUIDE EMAIL MARKE TING Learn How to Get (and Keep) Email Permission INSIGHT PROVIDED BY www.constantcontact.com 1-866-876-8464 2011 Constant Contact, Inc. 10-1720 BEST PRACTICES GUIDE

More information

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc.

Developing a Successful Security Awareness Training Program. Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Developing a Successful Security Awareness Training Program Shea Garber, Sr. Account Executive Wombat Security Technologies, Inc. Agenda The human element of cyber security Building your case Building

More information

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats WWW.COMODO.COM WHITE PAPER Endpoint Security and Advanced Persistent Threats The Invisible Threat They re out there waiting. Sitting at their computers hoping for you to make a mistake. And you will. Because no one is

More information

EMAIL MARKETING MODULE OVERVIEW ENGINEERED FOR ENGAGEMENT

EMAIL MARKETING MODULE OVERVIEW ENGINEERED FOR ENGAGEMENT PLATFORM PEOPLE STRATEGY EMAIL MARKETING MODULE OVERVIEW ENGINEERED FOR ENGAGEMENT Contents p1 E-Newsletter Overview p2 E-Newsletter Sample p3 Forward Article p4 p5 p6 p7 Print Article Read More Subscription

More information

Leaving Money On The Table

Leaving Money On The Table 10 Ways Retailers Are Leaving Money On The Table Page 1 Let s face it: gaining and retaining customers can often feel like a high stakes match. What s the right balance between what you ll give in the

More information

December 2010 Report #48

December 2010 Report #48 December 2010 Report #48 With the holidays in full gear, Symantec observed an increase of 30 percent in the product spam category as spammers try to push Christmas gifts and other products. While the increase

More information

Contents. McAfee Internet Security 3

Contents. McAfee Internet Security 3 User Guide i Contents McAfee Internet Security 3 McAfee SecurityCenter... 5 SecurityCenter features... 6 Using SecurityCenter... 7 Fixing or ignoring protection problems... 16 Working with alerts... 21

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Targeted attacks: Tools and techniques

Targeted attacks: Tools and techniques Targeted attacks: Tools and techniques Performing «red-team» penetration tests Lessons learned Presented on 17/03/2014 For JSSI OSSIR 2014 By Renaud Feil Agenda Objective: Present tools techniques that

More information

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the

More information

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance

More information

Overview of Registered Envelopes. Registered Envelope Notification Message

Overview of Registered Envelopes. Registered Envelope Notification Message Overview of Registered Envelopes A Registered Envelope is a type of encrypted email message. Some Registered Envelopes are password-protected, while others are encrypted but do not require a password.

More information

What the Financial & Insurance Industries Can Learn from Retailers

What the Financial & Insurance Industries Can Learn from Retailers What the Financial & Insurance Industries Can Learn from Retailers 1 Retailers have long understood that personalization is a strong business driver that helps them market to their customers with more

More information

Contextual Authentication: A Multi-factor Approach

Contextual Authentication: A Multi-factor Approach Contextual Authentication: A Multi-factor Approach Multi-factor Authentication Layer v.3.2-003 PortalGuard dba PistolStar, Inc. PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200 Fax: 617.674.2727 E-mail:

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

Administrator's Guide

Administrator's Guide Administrator's Guide Copyright SecureAnywhere Mobile Protection Administrator's Guide November, 2012 2012 Webroot Software, Inc. All rights reserved. Webroot is a registered trademark and SecureAnywhere

More information

11 emerging. trends for DIGITAL MARKETING FINANCIAL SERVICES. By Clifford Blodgett. Demand Generation and Digital Marketing Manager

11 emerging. trends for DIGITAL MARKETING FINANCIAL SERVICES. By Clifford Blodgett. Demand Generation and Digital Marketing Manager 11 emerging DIGITAL MARKETING trends for FINANCIAL SERVICES By Clifford Blodgett Demand Generation and Digital Marketing Manager Exploiting your Technology Vendors Customer Engagement and Maintaining a

More information

A Short Study on Security Indicator Interfaces

A Short Study on Security Indicator Interfaces A Short Study on Security Indicator Interfaces Technical Report UCSC-WASP-15-04 November 2015 D J Capelis mail@capelis.dj Working-group on Applied Security and Privacy Storage Systems Research Center University

More information

Three pillars of successful email deliverability

Three pillars of successful email deliverability Three pillars of successful email deliverability Ensuring safe arrival and optimum placement in the inbox An Experian Marketing Services white paper Contents Introduction...1 Data integrity...2 Relevance...3

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

Email Marketing Basics

Email Marketing Basics Email Marketing Basics Email Marketing Basics Background Since 1994, Visual Data Systems has been a leader in: Website Design Software Integration Search Engine Optimization & Marketing Technology Consultation

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Thexyz Premium Webmail

Thexyz Premium Webmail Webmail Access all the benefits of a desktop program without being tied to the desktop. Log into Thexyz Email from your desktop, laptop, or mobile phone, and get instant access to email, calendars, contacts,

More information

Continuous Penetration Testing

Continuous Penetration Testing Continuous Penetration Testing SyCom Technologies 1.0 Continuous Penetration Testing Imagine a service that continuously monitors and reports on any new threats that emerge real time and provides a tactical

More information

IBM Marketing Cloud adds enterprise packages and offers new capabilities for all packages

IBM Marketing Cloud adds enterprise packages and offers new capabilities for all packages IBM United States Software Announcement 215-492, dated October 27, 2015 adds enterprise packages and offers new capabilities for all packages Table of contents 1 Overview 6 Publications 2 Key prerequisites

More information

Social Media and Cyber Safety

Social Media and Cyber Safety Social Media and Cyber Safety Presented to the National Association of REALTORS by Andrew Wooten Safety and Security Consultant andrew@justbesafe.com Social Media and Cyber Safety Our instructor today

More information

USING SOCIAL MEDIA EFFECTIVELY TO MAKE

USING SOCIAL MEDIA EFFECTIVELY TO MAKE [Type text] 3/23/2012 HMI USING SOCIAL MEDIA EFFECTIVELY TO MAKE THE MOST OF YOUR FARM BUSINESS Contents What Is Inbound Marketing?... 2 Part I: Introduction to Inbound Marketing... 3 Part II: Get Found

More information

8 TIPS FOR MAKING THE MOST OF GOOGLE ANALYTICS. Brought to you by Geary LSF and Orbital Informatics

8 TIPS FOR MAKING THE MOST OF GOOGLE ANALYTICS. Brought to you by Geary LSF and Orbital Informatics 8 TIPS FOR MAKING THE MOST OF GOOGLE ANALYTICS Brought to you by Geary LSF and Orbital Informatics TABLE OF CONTENTS 3 5 7 8 9 10 11 12 13 14 15 Introduction 8 Tips for Google Analytics Don t let Google

More information

From Traditional Functional Testing to Enabling Continuous Quality in Mobile App Development

From Traditional Functional Testing to Enabling Continuous Quality in Mobile App Development From Traditional Functional Testing to Enabling Continuous Quality in Mobile App Development Introduction Today s developers are under constant pressure to launch killer apps and release enhancements as

More information

The Proactive Marketer. Ensuring the safe arrival and optimum placement of emails

The Proactive Marketer. Ensuring the safe arrival and optimum placement of emails The Proactive Marketer Ensuring the safe arrival and optimum placement of emails Contents Introduction 4 Data integrity 5 Relevance 6 Reputation 8 Building a firm foundation 10 In summary 11 About the

More information

Webmail Friends & Exceptions Guide

Webmail Friends & Exceptions Guide Webmail Friends & Exceptions Guide Add email addresses to the Exceptions List and the Friends List in your Webmail account to ensure you receive email messages from family, friends, and other important

More information

Dealing with spam mail

Dealing with spam mail Vodafone Hosted Services Dealing with spam mail User guide Welcome. This guide will help you to set up anti-spam measures on your email accounts and domains. The main principle behind dealing with spam

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

Table of Contents. Copyright 2011 Synchronous Technologies Inc / GreenRope, All Rights Reserved

Table of Contents. Copyright 2011 Synchronous Technologies Inc / GreenRope, All Rights Reserved Table of Contents Introduction: Gathering Website Intelligence 1 Customize Your System for Your Organization s Needs 2 CRM, Website Analytics and Email Integration 3 Action Checklist: Increase the Effectiveness

More information

U.S. Bank Secure Email Quick Start Guide

U.S. Bank Secure Email Quick Start Guide Welcome to U.S. Bank s Secure Email Service! US Bank has partnered with Cisco to leverage their secure email solution, Cisco Registered Envelope Service (CRES). This guide will show you the steps for opening

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Email Graphic Design Best Practices

Email Graphic Design Best Practices Email For Advocacy and Community Organizing: Basics, Essentials, and Best Practices Email Graphic Design Best Practices These training materials have been prepared by Aspiration in partnership with Radical

More information

Who Controls Your Information in the Cloud?

Who Controls Your Information in the Cloud? Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information

More information

Creating a Culture of Cyber Security at Work

Creating a Culture of Cyber Security at Work Creating a Culture of Cyber Security at Work Webinar Why is this important? Cybersecurity is a people problem. Cybersecurity is no longer just the IT department s responsibility. It is everyone s responsibility.

More information

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski

TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY. Mark Villinski @markvillinski TOP 10 TIPS FOR EDUCATING EMPLOYEES ABOUT CYBERSECURITY Mark Villinski @markvillinski Why do we have to educate employees about cybersecurity? 2014 Corporate Threats Survey 94% of business s suffered one

More information

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats

Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats Stop the Maelstrom: Using Endpoint Sensor Data in a SIEM to Isolate Threats Jody C. Patilla The Johns Hopkins University Session ID: TECH-107 Session Classification: Intermediate Objectives Get more out

More information

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012 Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data Dave Shackleford February, 2012 Agenda Attacks We ve Seen Advanced Threats what s that mean? A Simple Example What can we

More information

Getting started with your email tool

Getting started with your email tool Getting started with your email tool GETTING STARTED WITH YOUR EMAIL TOOL 1 This is a step-by-step guide to sending your first campaign with our email marketing tool. Follow the instructions on this page

More information

Boost Profits and. Customer Relationships with. Effective E-Mail Marketing

Boost Profits and. Customer Relationships with. Effective E-Mail Marketing Boost Profits and Customer Relationships with Abstract E-mail marketing is experiencing dramatic growth as marketers in virtually every industry begin to take advantage of this powerful technique that

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Securing mobile devices in the business environment

Securing mobile devices in the business environment IBM Global Technology Services Thought Leadership White Paper October 2011 Securing mobile devices in the business environment By I-Lung Kao, Global Strategist, IBM Security Services 2 Securing mobile

More information

Email Subscription Training. Contents

Email Subscription Training. Contents Contents Email Subscription Training Topics... 2 How do visitors subscribe to a list?... 2 How do visitors unsubscribe from a list?... 3 How to Send an Email Notification?... 4 How to Create a New List?...

More information

Unsubscribe and Bounce Management

Unsubscribe and Bounce Management JangoMail Summary and Overview Tutorial Unsubscribe and Bounce Management JangoMail provides robust and flexible unsubscribe and bounce management capabilities. Individual addresses or entire domains can

More information

SHS Annual Information Security Training

SHS Annual Information Security Training SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility

More information

datatrac Want to maximize your online ROI? ABOUT datatrac you ve come to the right place.

datatrac Want to maximize your online ROI? ABOUT datatrac you ve come to the right place. ABOUT datatrac Datatrac is a leading ASP of hosted e-mail marketing software that allows permission-based marketers to manage, send, track, and grow their e-mail campaigns. Leading marketers have incorporated

More information

what is Interactive Content & why it works

what is Interactive Content & why it works what is Interactive Content & why it works About SnapApp SnapApp s content marketing platform gives companies the power to drive engagement, generate leads and increase revenue by easily creating, publishing,

More information

Threat Spotlight: Angler Lurking in the Domain Shadows

Threat Spotlight: Angler Lurking in the Domain Shadows White Paper Threat Spotlight: Angler Lurking in the Domain Shadows Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

Frequency Matters. The keys to optimizing email send frequency

Frequency Matters. The keys to optimizing email send frequency The keys to optimizing email send frequency Email send frequency requires a delicate balance. Send too little and you miss out on sales opportunities and end up leaving money on the table. Send too much

More information

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document

More information

DIRECT MARKETING 101: Online Fundraising

DIRECT MARKETING 101: Online Fundraising DIRECT MARKETING 101: Online Fundraising March 2014 Barb Perell Avalon Consulting Group Takeaways from this session: The foundation of any online program How to integrate online with other direct marketing

More information

http://connectwise.reflexion.net/login?domain=connectwise.net

http://connectwise.reflexion.net/login?domain=connectwise.net ConnectWise Total Control: Managed Email Threat Protection Version: 1.5 Creation Date: 11-September-2009 Last Updated: 24-August-2012 LOGGING IN An e-mail will be or has sent with your username and password.

More information

Introduction. Special thanks to the following individuals who were instrumental in the development of the toolkits:

Introduction. Special thanks to the following individuals who were instrumental in the development of the toolkits: Introduction In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater.

More information

Digital Messaging Platform. Digital Messaging Platform. AgilityHarmony. Orchestrate more meaningful relationships between you and your customers

Digital Messaging Platform. Digital Messaging Platform. AgilityHarmony. Orchestrate more meaningful relationships between you and your customers Digital Messaging Platform Digital Messaging Platform AgilityHarmony Orchestrate more meaningful relationships between you and your customers By marketers for marketers Epsilon Agility Harmony brings together

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Fighting spam in Australia. A consumer guide

Fighting spam in Australia. A consumer guide Fighting spam in Australia A consumer guide Fighting spam Use filtering software Install anti-virus software Use a personal firewall Download security patches Choose long and random passwords Protect your

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Conducting an Email Phishing Campaign

Conducting an Email Phishing Campaign Conducting an Email Phishing Campaign WMISACA/Lansing IIA Joint Seminar May 26, 2016 William J. Papanikolas, CISA, CFSA Sparrow Health System Estimated cost of cybercrime to the world economy in 2015 was

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP

2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP 2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,

More information

PROOFPOINT COMMUNICATION SERVICE (PCS)

PROOFPOINT COMMUNICATION SERVICE (PCS) INTRODUCING THE PROOFPOINT COMMUNICATION SERVICE (PCS) Customer Reference Guide March 2015 Version 2.0 TABLE OF CONTENTS Introduction...3 Important Notes...3 Using the Proofpoint Communication Service

More information

Ten Strategies for Business To Business Email Marketing

Ten Strategies for Business To Business Email Marketing Ten Strategies for Business To Business Email Marketing Done right, email can be the most highly effective medium for communicating with your customers, clients, or prospects. Measurable and inexpensive,

More information

Thomas J. Schlagel Chief Information Officer, BNL

Thomas J. Schlagel Chief Information Officer, BNL Thomas J. Schlagel Chief Information Officer, BNL PhD in Nuclear Physics from the University of Illinois at Urbana-Champaign in 1990 Joined BNL in 1990 as a Postdoctoral Associate in the Nuclear Theory

More information

PRODUCT DESCRIPTIONS AND METRICS

PRODUCT DESCRIPTIONS AND METRICS PRODUCT DESCRIPTIONS AND METRICS Adobe PDM Adobe Campaign Managed Services (2014v1) The Products and Services described in this PDM are subject to the applicable Sales Order, the terms of this PDM, the

More information

TEN COMMANDMENTS OF EFFECTIVE SECURITY AWARENESS TRAINING

TEN COMMANDMENTS OF EFFECTIVE SECURITY AWARENESS TRAINING Ralph Massaro VP of Operations TEN COMMANDMENTS OF EFFECTIVE SECURITY AWARENESS TRAINING 10/26/2012 1 Humans - The Weakest Link? 82% of large organizations had staff driven security breaches(1) 47% had

More information

Inbound Marketing Overview. January 26, 2015 BEC 382

Inbound Marketing Overview. January 26, 2015 BEC 382 Inbound Marketing Overview January 26, 2015 BEC 382 Past Week Presented Marketing Plan to Nonprofit Interviews for Fund Raising Campaign Pitched Robotics Firm Met with University admissions Met with two

More information

EMAIL + CRM: Engaging and Retaining Your B2B Customers. John Johnston Director, Digital Marketing Volvo Construction Equipment

EMAIL + CRM: Engaging and Retaining Your B2B Customers. John Johnston Director, Digital Marketing Volvo Construction Equipment EMAIL + CRM: Engaging and Retaining Your B2B Customers John Johnston Director, Digital Marketing Volvo Construction Equipment TODAY S AGENDA What are we doing? How are we doing it? What have we learned?

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

How To Create Aweber List & Follow Up Emails

How To Create Aweber List & Follow Up Emails How To Create Aweber List & Follow Up Emails Step 1 Login to Aweber Go to http://aweber.com/?316320. Now enter your customer login (affiliate ID) and password, then click on Login To My Account (image

More information

Countermeasures against Bots

Countermeasures against Bots Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer

More information

Reviewer s Guide Kaspersky Internet Security for Mac

Reviewer s Guide Kaspersky Internet Security for Mac Reviewer s Guide Kaspersky Internet Security for Mac 1 Protection for Mac OS X The main window shows all key features such as Scan, Update, Safe Money, and Parental Control in a single place. The current

More information

The Cloud App Visibility Blind Spot

The Cloud App Visibility Blind Spot WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments

More information

Rational Growth. An introduction to growing user signups via data and analytical thinking. By Sandi MacPherson Via interviews with Andrew Chen

Rational Growth. An introduction to growing user signups via data and analytical thinking. By Sandi MacPherson Via interviews with Andrew Chen Rational Growth An introduction to growing user signups via data and analytical thinking By Sandi MacPherson Via interviews with Andrew Chen Kindly sponsored by: 1 Rational Growth We live in world where

More information

About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators

About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators Profile MicroSolved, Inc. is an Ohio corporation with a Dun and Bradstreet number of 022904119. Since 1992, MSI has

More information

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection

More information

EMAIL MARKETING BENCHMARKS REPORT 2014

EMAIL MARKETING BENCHMARKS REPORT 2014 EMAIL MARKETING BENCHMARKS REPORT 2014 CONTENTS: WHAT YOU CAN FIND INSIDE INTRODUCTION... 2 OPEN RATES... 3 Observations... 3 CLICK-THROUGH RATES... 4 Observations... 4 CLICK-TO-OPEN RATES... 5 Observations...

More information

Ensighten Activate USE CASES. Ensighten Pulse. Ensighten One

Ensighten Activate USE CASES. Ensighten Pulse. Ensighten One USE CASES Ensighten Activate Ensighten One Ensighten Pulse Use Case: On-Site Targeting based on Off-Site Display Ad Deliver relevant content to customers after they viewed or clicked through an Off-Site

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information