December 2009

The Year’s Most Hacked Software

http://www.forbes.com/2009/12/10/adobe-hackers-microsoft-technology-cio-network-software.html

Forbes recently compiled a list of the seven Most-Hacked software titles for 2009.  They took a survey of security professionals from various companies including Verisign, TippingPoint, iDefense and Qualys.  Based on this survey, Forbes found that the following were the most hacked software titles from 2009.

  • Adobe Reader
  • Internet Explorer
  • Mozilla Firefox
  • Adobe Flash
  • Apple Quicktime
  • Microsoft Office
  • Microsoft Windows

Even though Adobe has become a major focus for hackers, old targets such as Internet Explorer and Firefox are still far from secure. Researchers also note that hackers are turning away from bugs in operating systems to focus on applications, partly because operating systems are more securely coded and are systematically patched more frequently than the applications that run on them. Users also apply application patches less promptly, even after a vendor has issued them.

For the new year, make sure you keep on top of your patches, and be especially diligent with patches released by your application vendors.

Have a safe and prosperous new year!  Our best wishes to all of our clients and followers for the new year.

Learning to tie your shoes

I purchased a new pair of runners for my 7 year old and these had laces. I had taught him to tie his shoes in Kindergarten but with most of the shoes and boots having velcro, I did not realize that the lesson taught in Kindergarten did not stick. I was both shocked and dismayed to realize that my Grade 2 child did not know how to tie his shoes! As a parent I also had that wonderful "guilt" feeling that goes along with realizing that I probably didn't do a very good job initially as I was in a rush (as always) and should have probably spent more time having him practice so that he retained the knowledge. I also should have bought him more shoes with laces!

So...how does this relate to security awareness? Like any type of training or learning, if a person does not practice what has been learned it does not get retained. Security awareness is even more difficult since we are ultimately trying to change behavior.  Individuals are already set in their ways of performing various job tasks throughout the day. Security awareness is about changing the way in which those tasks are performed. Teaching a security awareness class once a year and providing no other reinforcement or communication on the subject will not sufficiently change behavior of your end users.

Not putting aside enough time as an educator to ensure that your security awareness program is planned and supported properly will lead to additional stress, guilt and ultimately to the failure of the awareness program.

So...what do we do?  We must ensure that awareness is delivered in small, bite-sized amounts that are easily digestible, and then follow up with reinforcement tools or methods, i.e., posters, newsletters, video clips, spot checks or walkabout reminders that catch people doing what was taught correctly or incorrectly. Providing continuous training throughout the year will aid in retention. Providing rewards and/or encouragement for completing the training and for a change in behavior will give you a better and more widely accepted security awareness program.

Can we look at a new paradigm for teaching security awareness?

At schools and colleges across the country and around the world, the use of the Internet and Web for learning and teaching is causing a major change in the landscape of education. Building upon decades of computer networking activities (e.g. e-mail and bulletin board systems), the Internet has produced phenomenal growth in the extent and scope of online education.

Online education has created a new paradigm for teaching and learning, different from the traditional classroom experience and also different from earlier attempts at computer-based instruction. Instructional methods and strategies employed in online courses are essentially the same as those used by instructors in their traditional classes, with the exception of student interaction and collaboration.

While online education certainly has its benefits from an ROI perspective over traditional classroom methods, what is inherently missing is the "interaction and collaboration" part. As social media and online communities continue to expand and grow in popularity, educators will need to tap into this new method of communication and adapt online education to fit the new bite-sized, instantaneous learning methodology. How can we use tools like Twitter to get the message through and make it stick? Here is our opportunity to build social education communities and interact with each other regardless of distance, to share and learn in a community fashion. How inspiring is that?  How are you going to use this new medium in your training plans?