Intro
Welcome back! This is episode 31 of The Insider Threat podcast, for the week of January 15th, 2018.
This has been an interesting couple of weeks. I've passed along leadership on one organization that I am a member of, while trying to become a better leader in my day job. I've also joined a team of very competent virtual CISOs, where we'll serve in that capacity for small or medium-sized businesses who can't afford to have a CISO hired on full time.
I've had a little bit of time for introspection and maybe it is the new year getting to me, but I've been focused on ways to improve myself this year in many areas.
Enough about me though...
Infosec Trivia Question
It's time for your Infosec Trivia Question, where Google is king and the prize is nonexistent!
The question last episode was "Quite a long time ago in a distant place, the biggest weapon ever developed was completely destroyed by exploiting a vulnerability intentionally left by an insider threat. What was the name of this weapon and who was the insider threat?"
The answer was "Galen Erso".
For 39 years there was a bug in the Death Star's design that allowed the Rebel Alliance to take it out relatively easily. It was put there intentionally by our insider threat during its design phase. In our world, you could call this a back door and a vulnerability that was readily exploitable.
Congratulations to Sean from Providence, Sara from Germany, Noah from Calgary, and Joe from Decatur for getting the correct answer.
Here's your question for this episode: "In the book titled "Little Brother", the main character is able to bypass government surveillance techniques and pass secure messages. What kind of device did he hack in order to accomplish this task?"
Send your response to InfosecAnswer@gmail.com. Be sure to include your first name, location, and the hashtag "BART".
Discussion Topic for the Episode
This episode’s discussion topic is tips and tricks for giving in-person user awareness training.
First, this isn't the only type of user awareness training, but some organizations only go this route.
Just like any other public speaking or training
Use the organizational policies as the base
Include realistic stories, scenarios, and/or case studies
Start with a joke or question to get attendees interested and engaged
Incorporate role playing to keep them engaged and stimulate group-think
Very important: go over reporting procedures and include it in role play
Make them the superheroes - they are a very important part of the program
Lightly imply the types of technology used to monitor employee behavior and systems
End with an open door policy
News
Meltdown and Spectre
Closing Thought
Our closing thought comes from Allan Bloom, an American philosopher. He said, "Education is the movement from darkness to light."
Outro
Thank you for listening to episode 31 of The Insider Threat podcast. Please remember to subscribe and review in your favorite podcast app, and also share with everyone you know! Those reviews are key to building this out and improving for later episodes, so please feel free to leave suggestions.
You can contact me on Twitter @stevehigdon or send an email to steve@theinsiderthreatpodcast.com. Go to our website, www.theinsiderthreatpodcast.com, to find the show notes for this and every other episode, as well as links to the topics we've covered. You can also go to the website to find a link to the Patreon page and subscribe to the newsletter to get up-to-date information on current episodes and news for the show. Call and leave a voicemail at (443) 292-2287 to have a conversation, get a comment added to the show, or even ask a question.
Thanks again and I'll see you folks next time!
Contact information:
Call in number: (443) 292-2287
Email - steve@theinsiderthreatpodcast.com
Blog - http://www.stephenhigdon.com
Twitter - https://twitter.com/stevehigdon
LinkedIn - https://www.linkedin.com/in/stevehigdon-infosec/
Links
www.observeit.com
Spectre and Meltdown: What you need to know going forward | CSO Online