Pushing the Envelope on Data-Driven Security Awareness Mark T. Chapman CFE CISSP CISM CRISC
October 22 & 23, 2014, Disney's Contemporary Resort, Orlando, Florida, US. #ISSAConf

Presentation Overview

The Importance of Perspective. The diagram at the right represents the four perspectives of an effective information security awareness program.
Risk Based Continuous Improvement. Follow a program from basic to advanced levels. Identify key activities, common problems, and success.
Share Stories. Use real "Stories from the Trenches" based on redacted real-world examples.

Basic Level: Just Get Started

Program: How to win executive sponsorship, approval and funding? How can I do this while doing my real job? Can we mimic another successful program?
Training: Should we only start with compliance-related training? How do we get people to actually take training?
Attacker: Does the organizational culture and environment support testing? How to effectively communicate the intentions and results? How sophisticated should the mock-social engineering tests be?
Employee: How do we get employee feedback? Can we get an online feedback form or suggestion box?
Integrating the Training and Attacker Perspective

Mock Spearphishing Test: Company sends fake phishing emails to employees to see who clicks on suspicious links.
Online Training Videos or Games: When a user clicks, they are told what they did wrong, and the system uses the "Teachable Moment" to direct the user to online training.
Rinse and Repeat? What measurable effect does this process have on your information security posture?

Intermediate Level: Establish Credibility

Program: How to define the scope and measure the success of the program? How to make sure the program is relevant? How to formally plan the next steps?
Training: What kind of training is best? In person? Computer-based? Beyond training records, how to measure success? Does it work? How to leverage other perspectives to provide better context?
Attacker: Are we always starting with an objective or hypothesis? Could the results lead to concrete actions beyond just training? Are we truly simulating the attacker perspective? How do we know?
Employee: Can we use risk-based survey techniques to improve? What have we learned that is or is not effective? Have there been any surprises?

Hypothesis-Based Testing Parameters

Define your hypothesis BEFORE you design or run your tests.
Identify potential actions based on proving or disproving the hypothesis.
It does not matter if you are right or wrong; if you knew the answer before testing, then why test?
Be sure your hypothesis helps improve the credibility of your program.
Hypothesis-Based Intermediate Examples

Hypothesis:
- Users will not share data.
- Users will not enter sensitive data on unauthorized web forms.
- Users are less likely to click on unsubscribe links than on other links.
- Users are more susceptible to sophisticated phishing attempts.
- Users are more likely to respond in their native language.
- Our training program reduces susceptibility to phishing attacks and the results last for at least six months.

Be sure to plan ahead! This could be a good source to drive additional campaign activity. It also may be something that should not be collected due to privacy laws.

Hypothesis: Users will notice subtle changes.

Hypothesis: Sophisticated=Dangerous?

Example Result: At a ratio of 1.5:1, users were more likely to click on the less sophisticated message. Although whitelisting removed this variable, the less sophisticated messages had a lower spam score and are more likely to be delivered without whitelisting. Can this type of test help credibility?
Hypothesis: Native Language.

Example Result: In Brazil, the click-through rate was essentially identical between English and Portuguese. Also, it was an almost exact match with the click-through rate of Spanish speakers who received the English message. The outlier is the significantly lower rate of Spanish speakers who received the Spanish message.

Unsubscribe Link

Example Result: Out of the users who clicked, it was a 1:1 ratio of clickers vs. unsubscribe clickers. How would you use this information? What could go wrong?

Unsubscribe Link: Actionable Results

Approximately 50% of all engagement activities were for users clicking the unsubscribe button vs. clicking on other links, viewing images, or replying to an email.
If users feel it is safe to click on unsubscribe links, the organization may be exposed to similar threats as any other click-through behavior.
Share the preliminary results with users that about half the time a user clicks on a suspicious link, it is of the unsubscribe variety.
Train on the importance of ignoring unauthorized unsubscribe links.
Future campaign idea: Consider performing a test where an unsubscribe link would provide a form for users to enter their address. Only after actually submitting the unsubscribe form would a "You've been phished" and training message follow.

Out of Office - Information Disclosure
Out of Office: Another Perspective

6.2% of the outbound campaign emails received out of office notifications which disclosed information about the people, coworkers and the organization.
The information gathered through out of office notifications may enable an attacker to perform more advanced social engineering or other attacks against the people or organization.
Configure the systems to not allow out of office notifications to be sent outside the organization or to unknown addresses unless there is a specific business reason to do so.
Train users to limit the amount of information shared within any out of office notification.
Look for other ways to share the detailed information in a controlled manner such as an Intranet site.

Intermediate Level: Risk Based Surveys

Advanced Level: Make a Difference

Program: Can we positively impact our overall security posture? Can we admit when something isn't working and fix or abandon it? Is it an integrated risk-based continuous improvement process?
Training: Are we targeting the right training to the right people based on risk? Can advanced training techniques make a difference? Can we leverage the context of actual real-time risk-based events?
Attacker: Can test planning and results be based on big data risk analytics? Are all tests and results integrated with the infosec program? Can we leverage the context of actual real-time risk-based events?
Employee: Are we tied into other risk-related programs? Is there a way to measure real-time in the context of events? Are people wanting to mimic our effective program?
Voice Testing Scenarios

1. Send an email or SMS with instructions to "Call and enter code 4732 to see if you are a winner."
2. Traditional vishing, with an auto-dialer calling to say "This is the IT Department, we have seen a problem with your machine, press 1 to let us remotely access your computer."

Cross-Platform Attack Simulation

Send a text message with a link. Have the landing page be a full-screen emulation of the login screen. Do users attempt to unlock their phones? (Be careful to not actually collect passwords.)

SMS as an Attack Vector

SMS text messaging may be an underestimated threat vector.

Recommendations:
- Instruct employees of the dangers of interacting with mobile messaging both from a technical and non-technical perspective.
- Consider extending, implementing, and validating SMS-specific antispam controls on company-owned mobile devices.
- Ensure that anti-virus, web-content filtering and similar controls apply to the company-owned mobile devices.

The theme for this campaign was an imaginary "joke of the day" subscription service. The campaign sent an SMS message to each user indicating they subscribed to a daily joke service. The message invited users to unsubscribe by replying to the message with the word "bummer" or by clicking on a web link that was unique to them. If a user clicked on the link, the landing page simply accepted the unsubscribe request.

Did more people Reply or Click? Out of those who replied, how many followed the directions?
SMS Click or Reply

[Chart: Click-Through (Failure) Rate]

Users who responded were approximately 2 to 3 times more likely to reply to the SMS than to click on the link.
Attackers may exploit consistent behavior in cross-channel attacks to thwart controls that focus on a single vector.
Consider future campaign designs to evaluate other likely cross-channel social engineering attack vectors.

Following Arbitrary Unauthorized Instructions

People who replied to the message precisely followed arbitrary unsubscribe instructions 91% of the time.
By itself, the potential business impact of following the unsubscribe instructions for this campaign was minimal. The bigger potential concern builds on PhishLine.com aggregate industry data that indicates once a user starts engaging in any stage of a campaign they are more likely to perform all steps.
Encourage users to ignore arbitrary instructions received from an untrusted or unverified source.
Consider future campaign designs to exploit the vulnerability associated with the concept of compliance to specific arbitrary instructions combined with the concept that once a user starts interacting with one step in a campaign, they are likely to continue. For example, ask users to perform some innocuous task just to get them engaged or distracted before making additional less-innocuous requests.

[Chart: Repliers Who Precisely Followed the Arbitrary Instructions. Arbitrary Instructions Followed 91%; Other Response 9%]

How to test the effectiveness of Security Awareness Training Day

Test random sample before training.
Test another sample the day after training.
Test 1, 2, 3 weeks after training to see when it wears off.

[Chart: The Effects of Training Day on Click Through Rates. X-axis: Pre-Test, Week 0, Week 1, Week 2, Week 3, Week 4. Series: Hypothesis 15.7%, 2.5%, 2.6%, 2.9%, 3.4%, 8.9%; Actual 15.5%, 15.1%, 15.9%, 15.3%, 15.6%; Actual 4.5%, 4.9%, 4.6%, 4.8%, 5.0%]

Did training work?

The campaign results did not show that those who took the offered training (17.8%) were less susceptible to new campaigns vs. those who did not take the training (15.8%).
The campaign result indicated that the supplied training made no significant difference.
Repeat the test with other training content and methods to see if there is a difference.
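The "no significant difference" judgment above can be checked with a two-proportion z-test. The following is an added example, not part of the original presentation; the slides give only percentages, so the group sizes and click counts in the code are constructed for illustration.

```python
"""Two-proportion z-test for comparing phishing-simulation click rates."""
import math
from statistics import NormalDist


def two_proportion_z(clicks_a, n_a, clicks_b, n_b):
    """Return (z, two-sided p-value) for H0: both groups share one click rate."""
    if n_a <= 0 or n_b <= 0:
        raise ValueError("each group needs at least one recipient")
    if not (0 <= clicks_a <= n_a and 0 <= clicks_b <= n_b):
        raise ValueError("clicks must be between 0 and the group size")
    p_a, p_b = clicks_a / n_a, clicks_b / n_b
    pooled = (clicks_a + clicks_b) / (n_a + n_b)
    if pooled in (0.0, 1.0):
        # Nobody clicked, or everybody did: no evidence of any difference.
        return 0.0, 1.0
    se = math.sqrt(pooled * (1 - pooled) * (1 / n_a + 1 / n_b))
    z = (p_a - p_b) / se
    p_value = math.erfc(abs(z) / math.sqrt(2))  # two-sided tail probability
    return z, p_value


def users_per_group(rate_a, rate_b, alpha=0.05, power=0.80):
    """Recipients needed in EACH group to detect rate_a vs rate_b."""
    if rate_a == rate_b:
        raise ValueError("rates must differ to size a test")
    z_alpha = NormalDist().inv_cdf(1 - alpha / 2)
    z_beta = NormalDist().inv_cdf(power)
    mean = (rate_a + rate_b) / 2
    spread_h0 = math.sqrt(2 * mean * (1 - mean))
    spread_h1 = math.sqrt(rate_a * (1 - rate_a) + rate_b * (1 - rate_b))
    n = (z_alpha * spread_h0 + z_beta * spread_h1) ** 2 / (rate_a - rate_b) ** 2
    return math.ceil(n)


def verdict(clicks_a, n_a, clicks_b, n_b, alpha=0.05):
    """Summarise one comparison as a dict a report generator could consume."""
    z, p = two_proportion_z(clicks_a, n_a, clicks_b, n_b)
    return {
        "rate_a": clicks_a / n_a,
        "rate_b": clicks_b / n_b,
        "z": z,
        "p_value": p,
        "significant": p < alpha,
    }


# Constructed counts (assumption): 500 users took the training, 2000 did not.
# 89/500 = 17.8% and 316/2000 = 15.8% reproduce the percentages on the slide.
TRAINED_VS_UNTRAINED = verdict(89, 500, 316, 2000)

# Constructed counts (assumption): 400 users per sample, sized to roughly
# match the hypothesised drop from 15.7% (pre-test) to 2.5% (week 0).
PRETEST_VS_WEEK0 = verdict(63, 400, 10, 400)

if __name__ == "__main__":
    for name, result in (("trained vs untrained", TRAINED_VS_UNTRAINED),
                         ("pre-test vs week 0", PRETEST_VS_WEEK0)):
        print(f"{name}: z={result['z']:.2f} p={result['p_value']:.4f} "
              f"significant={result['significant']}")
    print("users per group to detect 17.8% vs 15.8%:",
          users_per_group(0.178, 0.158))
```

With these constructed group sizes the two-point gap is well inside sampling noise, and `users_per_group` shows how large each sample would have to be before a gap that small could be distinguished from chance.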
What can go wrong?

Emotional Responses.
The dangers of focusing only on clickthrough rates, especially as the only metric for the effectiveness/justification of the security awareness program.
Side effects of too many phishing simulations?

What works?

Share the results with users without overstating the scientific validity of the test.
It is very powerful to share company-specific data with employees, especially if the metrics are understandable.
Incorporate the results into security awareness training curriculum.
The point is that people should be aware that certain times of day they may let their guard down.
(See blog article "Escape Click-Through-Rate Captivity".)

Five-Second Rule

Conclusions

The Importance of Perspective. We reviewed 4 perspectives.
Risk Based Continuous Improvement. We followed a program from basic to advanced levels. We identified key activities, common problems, and defined success with examples.
Share Stories. Hopefully, the stories helped you gain at least one insight you can act on regardless of where your program is.

Thank You!

Mark T. Chapman, CFE CISSP CISM CRISC
President and Founder, PhishLine.com
mchapman nospam@ nolinkkeef dphishline.com
More informationTEN COMMANDMENTS OF EFFECTIVE SECURITY AWARENESS TRAINING
Ralph Massaro VP of Operations TEN COMMANDMENTS OF EFFECTIVE SECURITY AWARENESS TRAINING 10/26/2012 1 Humans - The Weakest Link? 82% of large organizations had staff driven security breaches(1) 47% had
More informationThe Cloud App Visibility Blind Spot
WHITE PAPER The Cloud App Visibility Blind Spot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Line-of-business leaders everywhere are bypassing IT departments
More informationEnsighten Activate USE CASES. Ensighten Pulse. Ensighten One
USE CASES Ensighten Activate Ensighten One Ensighten Pulse Use Case: On-Site Targeting based on Off-Site Display Ad Deliver relevant content to customers after they viewed or clicked through an Off-Site
More informationFeature Guide. Want to talk it through? pure360.com call: 0844 586 0001 email: contact@pure360.com. Work With Data. Work With Messages
ro Work With Data Import, append & export unlimited lists - with no restrictions on number of contacts De-duplication and list cleaning Dedupe of lists on upload, clean bounces Automatic bounce, opt-out
More informationAbout MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators
About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators Profile MicroSolved, Inc. is an Ohio corporation with a Dun and Bradstreet number of 022904119. Since 1992, MSI has
More informationEMAIL + CRM: Engaging and Retaining Your B2B Customers. John Johnston Director, Digital Marketing Volvo Construction Equipment
EMAIL + CRM: Engaging and Retaining Your B2B Customers John Johnston Director, Digital Marketing Volvo Construction Equipment TODAY S AGENDA What are we doing? How are we doing it? What have we learned?
More informationMalware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime
How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationCountermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
More informationwhat is Interactive Content & why it works
what is Interactive Content & why it works About SnapApp SnapApp s content marketing platform gives companies the power to drive engagement, generate leads and increase revenue by easily creating, publishing,
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More informationContent Security: Protect Your Network with Five Must-Haves
White Paper Content Security: Protect Your Network with Five Must-Haves What You Will Learn The continually evolving threat landscape is what makes the discovery of threats more relevant than defense as
More informationIntroduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.
Contents Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined. Technical OverView... Error! Bookmark not defined. Network Intrusion Detection
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationIntroduction. Special thanks to the following individuals who were instrumental in the development of the toolkits:
Introduction In this digital age, we rely on our computers and devices for so many aspects of our lives that the need to be proactive and vigilant to protect against cyber threats has never been greater.
More informationDefending Against. Phishing Attacks
Defending Against Today s Targeted Phishing Attacks DeFending Against today s targeted phishing attacks 2 Introduction Is this email a phish or is it legitimate? That s the question that employees and
More informationdotmailer for Dynamics Frequently Asked Questions v 6,0
for Dynamics Frequently Asked Questions v 6,0 Page 1 Contents Introduction... 2 Why should I use the Microsoft Dynamics CRM Connector for dotmailer?... 3 What software needs to be installed?... 3 Can I
More informationDepartment of Homeland Security
Department of Homeland Security National Cybersecurity Assessments & Technical Services (NCATS) Service Overview, Success and Challenges 3/18/2016 1 Agenda Discussion about NCATS Current Programs and Services
More informationThree powerful analytics use cases for Customer Link. How linked data powers smarter analytics and better predictive models
Three powerful analytics use cases for Customer Link 1 How linked data powers smarter analytics and better predictive models 0123 4567 8901 2345 The power of linked data When it comes to adopting new tech
More informationSHS Annual Information Security Training
SHS Annual Information Security Training Information Security: What is It? The mission of the SHS Information Security Program is to Protect Valuable SHS Resources Information Security is Everyone s Responsibility
More information