PeopleSec Blog


SOX Compliance

SOX Compliance Requirements: A Basic Outline

Introduction: The Sarbanes-Oxley Act (SOX) has been law since 2002. You may remember the infamous corporations whose scandals drove the Act, such as WorldCom and Enron. SOX accordingly expanded and defined new requirements for all public companies as well as public accounting firms. In addition, boards of public organizations in the United States hold […]

NIST Special Publication 800-53

NIST Special Publication 800-53

What Is NIST Special Publication 800-53? NIST Special Publication 800-53, developed by the National Institute of Standards and Technology, provides federal organizations with a catalog of security controls for the information systems under each agency's purview. This catalog is not applicable to information systems that are related to national security. […]

FISMA Compliance Checklist

The Federal Information Security Management Act (FISMA) and Compliance Requirements

An introduction to FISMA: The Federal Information Security Management Act (FISMA) is a landmark piece of federal legislation enacted by the United States in 2002 as Title III of the E-Government Act of 2002. The federal government enacted the law in order to acknowledge the growing importance of information security to the political, economic, military, and […]

security awareness

Security Awareness Training & Education Program: Crucial Elements to Incorporate

Does your organization take security awareness seriously? Would your employees be able to defend against social engineering attacks? Is the effectiveness of your organizational security frequently tested? You should be answering a resounding “Yes” to all of these questions. If you answer “no” or “I don’t know”, this may be a sign that your organization has serious security vulnerabilities. The following is […]

Information Security Awareness Tips from a Newborn

While the linked post may be stretching a correlation, the points are accurate and entertaining, and what information-security-loving expert doesn’t want to buy that onesie? PeopleSec fully agrees with the top tip: putting in only 45 minutes a year is bad. A single 45-minute training session per year is not good practice. Information security experts need […]

Phishing with emotion and stress results in bad choices

Recently, on one of my personal sites, I received the phishing attempt shown below. I see a ton of phishing examples as part of PeopleSec’s Security Awareness Training and Education (SATE) program. It is not often that a phish in the wild catches my eye and looks like anything other than spam. This email is an excellent […]

CEO fraud attacks spoof or hijack executive email or other accounts to get employees to wire money or reveal sensitive information.

“CEO Fraud Attack” Readiness is Only Assumed

CEO fraud attacks succeed because of untested, unjustified confidence in employee readiness. Enterprises must take them more seriously. The scam’s tactics and techniques are hardly indefensible; employees simply are not prepared. Quick confession: I once thought such confidence was warranted. However, numerous real-life examples changed my mind. We need others to change their minds too. CEO Fraud Problem Pervasiveness […]

Manage Risk

The Secret Sauce for IT to Manage Risk – You Would Never Guess It!

Over the last thirty years, the prevailing belief has been that process, technology and technique manage risk. While it is true that processes and engineering and technology controls play a significant role in a risk strategy, it is ultimately people who manage risk. The dilemma is that people are very complicated; we don’t always act […]

Password security

Password security tips to keep you safe online

Do NOT use the same password for everything; this drastically reduces password security. It’s a bad idea. If that password is disclosed, the “bad guy” has the keys to all of your information. Furthermore, if that password is used to access your email account, all of your other account passwords may be reset using the “Forgot My Password” link. Not using the same password for everything is the […]

Social Engineering

Social Engineering Attacks Driving Security Awareness

Social engineering and cybercrime are on the rise around the world. Business owners need to pay attention to current trends in the world of information security (infosec). In 2005, the United States Bureau of Justice Statistics reported that 60 percent of American companies had detected at least one instance of cybercrime. Tech giant IBM believes that […]

security awareness training and education

7 Steps for Success with Security Awareness Training and Education (SATE)

The term “company culture” is a buzzword that has been floating around for the last few years. While that brings to mind images of ping-pong competitions and in-office happy hours, there’s another element of company culture on the rise: security. Even companies with the best product or service can fail with a weak security […]

Hacker

Phishing Training: How Not to Be Hacker-Proof

Ah, the Internet, such a wonderful trove of information and opportunity. Isn’t it the neighborly thing to do to share the resources you have with others? Some people are a little more ambitious than others when it comes to procuring that information. Who are you to stop them? After all, one person’s security awareness is […]