Date Author Title
2021-05-29Guy BruneauSpear-phishing Email Targeting Outlook Mail Clients
2019-03-06Johannes UllrichMarch Edition of Ouch! Newsletter: Securely Disposing Mobile Devices https://www.sans.org/security-awareness-training/resources/disposing-your-mobile-device
2017-09-18Johannes UllrichSANS Securingthehuman posted a follow up to their Equifax breach webcast: https://securingthehuman.sans.org/blog/2017/09/15/equifax-webcast-follow-up
2017-08-13Didier StevensThe Good Phishing Email
2017-02-15Xavier MertensHow was your stay at the Hotel La Playa?
2017-01-11Johannes UllrichJanuary 2017 Edition of Ouch! Security Awareness Newsletter Released: https://securingthehuman.sans.org/ouch
2016-04-02Russell EubanksWhy Can't We Be Friends?
2015-10-27Xavier MertensThe "Yes, but..." syndrome
2015-10-18Russell EubanksSecurity Awareness for Security Professionals
2015-10-17Russell EubanksCIS Critical Security Controls - Version 6.0
2015-09-23Daniel WesemannMaking our users unlearn what we taught them
2015-05-07Chris MohanSecurity Awareness? How do you keep your staff safe?
2014-07-02Johannes UllrichJuly Ouch! Security Awareness Newsletter Released. E-mail Do's and Don'ts http://www.securingthehuman.org/resources/newsletters/ouch/2014#july2014
2014-02-05Johannes UllrichSANS Ouch Security Awareness Newsletter What is Malware http://www.securingthehuman.org/ouch
2013-10-01Adrien de BeaupreCSAM! Send us your logs!
2013-08-07Johannes UllrichNew edition of the Ouch! Security Awareness Newsletter is out: http://www.securingthehuman.org/resources/newsletters/ouch/2013
2012-12-18Rob VandenBrinkAll I Want for Christmas is to Not Get Hacked !
2012-10-30Mark HofmanCyber Security Awareness Month - Day 30 - DSD 35 mitigating controls
2012-10-29Kevin ShorttCyber Security Awareness Month - Day 29 - Clear Desk: The Unacquainted Standard
2012-10-26Russ McReeCyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant
2012-10-25Richard PorterCyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire
2012-10-24Russ McReeCyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035
2012-10-23Rob VandenBrinkCyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-10-21Johannes UllrichCyber Security Awareness Month - Day 22: Connectors
2012-10-19Johannes UllrichCyber Security Awareness Month - Day 19: Standard log formats and CEE.
2012-10-18Rob VandenBrinkCyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
2012-10-17Rob VandenBrinkCyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005
2012-10-16Richard PorterCyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook.
2012-10-16Johannes UllrichCyber Security Awareness Month - Day 16: W3C and HTML
2012-10-14Pedro BuenoCyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1
2012-10-13Guy BruneauNew Poll - Cyber Security Awareness Month Activities 2012 - https://isc.sans.edu/poll.html
2012-10-12Mark HofmanCyber Security Awareness Month - Day 12 PCI DSS
2012-10-11Rob VandenBrinkCyber Security Awareness Month - Day 11 - Vendor Agnostic Standards (Center for Internet Security)
2012-10-10Kevin ShorttCyber Security Awareness Month - Day 10 - Standard Sudo - Part Two
2012-10-09Johannes UllrichCyber Security Awreness Month - Day 9 - Request for Comment (RFC)
2012-10-08Mark HofmanCyber Security Awareness Month - Day 8 ISO 27001
2012-10-07Tony CarothersCyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1
2012-10-06Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 6 - NERC: The standard that enforces security on power SCADA
2012-10-05Johannes UllrichCyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
2012-10-04Johannes UllrichCyber Security Awareness Month - Day 4: Crypto Standards
2012-10-03Kevin ShorttCyber Security Awareness Month - Day 3 - Standard Sudo - Part One
2012-10-02Russ McReeCyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines
2012-10-01Johannes UllrichCyber Security Awareness Month
2012-07-14Tony CarothersUser Awareness and Education
2011-10-29Richard PorterThe Sub Critical Control? Evidence Collection
2011-10-28Daniel WesemannCritical Control 20: Security Skills Assessment and Training to fill Gaps
2011-10-28Russ McReeCritical Control 19: Data Recovery Capability
2011-10-27Mark BaggettCritical Control 18: Incident Response Capabilities
2011-10-26Rick WannerCritical Control 17:Penetration Tests and Red Team Exercises
2011-10-17Rob VandenBrinkCritical Control 11: Account Monitoring and Control
2011-10-13Guy BruneauCritical Control 10: Continuous Vulnerability Assessment and Remediation
2011-10-12Kevin ShorttCritical Control 8 - Controlled Use of Administrative Privileges
2011-10-11Swa FrantzenCritical Control 7 - Application Software Security
2011-10-10Jim ClausingCritical Control 6 - Maintenance, Monitoring, and Analysis of Security Audit Logs
2011-10-07Mark HofmanCritical Control 5 - Boundary Defence
2011-10-04Rob VandenBrinkCritical Control 2 - Inventory of Authorized and Unauthorized Software
2011-10-04Johannes UllrichCritical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
2011-10-03Mark HofmanCritical Control 1 - Inventory of Authorized and Unauthorized Devices
2011-10-03Mark BaggettWhat are the 20 Critical Controls?
2011-10-03Tom ListonSecurity 101 : Security Basics in 140 Characters Or Less
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Schedule
2011-10-02Mark HofmanCyber Security Awareness Month Day 1/2 - Introduction to the controls
2011-09-21Mark HofmanOctober 2011 Cyber Security Awareness Month
2011-09-15Johannes UllrichSeptember OUCH! awareness newsletter released - How to use social networking sites safely. http://bit.ly/ja6TMH
2011-08-17Johannes UllrichAugust edition of security awareness newsletter OUCH! released. Focus: Updating your Software http://t.co/ftRVetZ
2011-06-15Johannes UllrichLatest issue of "Ouch!" is out http://www.securingthehuman.org/resources/newsletters/ouch
2011-05-31Chris MohanGetting the IT security word out there to the rest of the world
2011-05-21Daniel WesemannWeekend reading
2011-04-13Johannes UllrichApril issue of SANS Security Awareness Newsletter is out http://www.securingthehuman.org/resources/ouch
2010-10-31Marcus SachsCyber Security Awareness Month - Day 31 - Tying it all together
2010-10-30Guy BruneauCyber Security Awareness Month - Day 30 - Role of the network team
2010-10-29Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 29- Role of the office geek
2010-10-28Rick WannerCyber Security Awareness Month - Day 27 - Social Media use in the office
2010-10-28Tony CarothersCyber Security Awareness Month - Day 28 - Role of the employee
2010-10-26Pedro BuenoCyber Security Awareness Month - Day 26 - Sharing Office Files
2010-10-25Kevin ShorttCyber Security Awareness Month - Day 25 - Using Home Computers for Work
2010-10-24Swa FrantzenCyber Security Awarenes Month - Day 24 - Using work computers at home
2010-10-23Mark HofmanCyber Security Awareness Month - Day 23 - The Importance of compliance
2010-10-22Daniel WesemannCyber Security Awareness Month - Day 22 - Security of removable media
2010-10-21Chris CarboniCyber Security Awareness Month - Day 21 - Impossible Requests from the Boss
2010-10-20Jim ClausingCyber Security Awareness Month - Day 20 - Securing Mobile Devices
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote Access Tools
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Tunnels - to Split or not to Split?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN Architectures – SSL or IPSec?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - Remote User VPN Access – Are things getting too easy, or too hard?
2010-10-19Rob VandenBrinkCyber Security Awareness Month - Day 19 - VPN and Remote Access Tools
2010-10-18Manuel Humberto Santander PelaezCyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis
2010-10-17Stephen HallCyber Security Awareness Month - Day 17 - What a boss should and should not have access to
2010-10-15Marcus SachsCyber Security Awareness Month - Day 15 - What Teachers Need to Know About Their Students
2010-10-15Guy BruneauCyber Security Awareness Month - Day 16 - Securing a donated computer
2010-10-14Johannes UllrichCyber Security Awareness Month - Day 14 - Securing a public computer
2010-10-13Deborah HaleCyber Security Awareness Month - Day 13 - Online Bullying
2010-10-12Scott FendleyCyber Security Awareness Month - Day 12 - Protecting and Managing Your Digital Identity On Social Media Sites
2010-10-11Rick WannerCyber Security Awareness Month - Day 11 - Safe Browsing for Teens
2010-10-10Kevin ListonCyber Security Awareness Month - Day 10 - Safe browsing for pre-teens
2010-10-09Kevin ShorttCyber Security Awareness Month - Day 9 - Disposal of an Old Computer
2010-10-08Rick WannerCyber Security Awareness Month - Day 8 - Patch Management and System Updates
2010-10-06Rob VandenBrinkCyber Security Awareness Month - Day 7 - Remote Access and Monitoring Tools
2010-10-06Marcus SachsCyber Security Awareness Month - Day 6 - Computer Monitoring Tools
2010-10-05Rick WannerCyber Security Awareness Month - Day 5 - Sites you should stay away from
2010-10-04Daniel WesemannCyber Security Awareness Month - Day 4 - Managing EMail
2010-10-03Adrien de Beaupre Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams
2010-10-02Mark HofmanCyber Security Awareness Month - Day 2 - Securing the Family Network
2010-10-01Marcus SachsCyber Security Awareness Month - 2010
2010-10-01Marcus SachsCyber Security Awareness Month - Day 1 - Securing the Family PC
2010-08-08Marcus SachsThinking about Cyber Security Awareness Month in October
2010-05-07Rob VandenBrinkSecurity Awareness – Many Audiences, Many Messages (Part 2)
2010-05-02Mari NicholsZbot Social Engineering
2010-04-07Rob VandenBrinkThe Many Paths to Security Awareness
2010-03-07Mari NicholsDHS issues Cybersecurity challenge
2010-02-20Mari NicholsIs "Green IT" Defeating Security?
2009-10-29Kyle HaugsnessCyber Security Awareness Month - Day 29 - dns port 53
2009-10-28Johannes UllrichCyber Security Awareness Month - Day 28 - ntp (123/udp)
2009-10-25Lorna HutchesonCyber Security Awareness Month - Day 25 - Port 80 and 443
2009-10-22Adrien de BeaupreCyber Security Awareness Month - Day 22 port 502 TCP - Modbus
2009-10-21Pedro BuenoCyber Security Awareness Month - Day 21 - Port 135
2009-10-19Daniel WesemannCyber Security Awareness Month - Day 19 - ICMP
2009-10-18Mari NicholsComputer Security Awareness Month - Day 18 - Telnet an oldie but a goodie
2009-10-16Adrien de BeaupreCyber Security Awareness Month - Day 16 - Port 1521 - Oracle TNS Listener
2009-10-11Mark HofmanCyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
2009-10-09Rob VandenBrinkCyber Security Awareness Month - Day 9 - Port 3389/tcp (RDP)
2009-10-06Adrien de BeaupreCyber Security Awareness Month - Day 6 ports 67&68 udp - bootp and dhcp
2009-10-05Adrien de BeaupreCyber Security Awareness Month - Day 5 port 31337
2009-10-02Stephen HallCyber Security Awareness Month - Day 2 - Port 0
2009-09-20Mari NicholsInsider Threat and Security Awareness
2009-06-20Scott FendleySituational Awareness: Spam Crisis and China
2008-11-04Marcus SachsCyber Security Awareness Month 2008 - Summary and Links
2008-11-03Joel EslerDay 34 -- Feeding The Lessons Learned Back to the Preparation Phase
2008-11-02Mari NicholsDay 33 - Working with Management to Improve Processes
2008-11-01Koon Yaw TanDay 32 - What Should I Make Public?
2008-10-31Rick WannerDay 31 - Legal Awareness
2008-10-30Kevin ListonDay 30 - Applying Patches and Updates
2008-10-29Deborah HaleDay 29 - Should I Switch Software Vendors?
2008-10-28Jason LamDay 28 - Avoiding Finger Pointing and the Blame Game
2008-10-27Johannes UllrichDay 27 - Validation via Vulnerability Scanning
2008-10-25Koon Yaw TanDay 25 - Finding and Removing Hidden Files and Directories
2008-10-25Rick WannerDay 26 - Restoring Systems from Backup
2008-10-24Stephen HallDay 24 - Cleaning Email Servers and Clients
2008-10-22Johannes UllrichDay 22 - Wiping Disks and Media
2008-10-22Chris CarboniDay 23 - Turning off Unused Services
2008-10-21Johannes UllrichDay 21 - Removing Bots, Keyloggers, and Spyware
2008-10-20Raul SilesDay 20 - Eradicating a Rootkit
2008-10-19Lorna HutchesonDay 19 - Eradication: Forensic Analysis Tools - What Happened?
2008-10-17Patrick NolanDay 17 - Containing a DNS Hijacking
2008-10-17Rick WannerDay 18 - Containing Other Incidents
2008-10-16Mark HofmanDay 16 - Containing a Malware Outbreak
2008-10-15Rick WannerDay 15 - Containing the Damage From a Lost or Stolen Laptop
2008-10-14Swa FrantzenDay 14 - Containment: a Personal IdentityTheft Incident
2008-10-13Adrien de BeaupreDay 13 - Containment: Containing on Production Systems Such as a Web Server
2008-10-12Mari NicholsDay 12 Containment: Gathering Evidence That Can be Used in Court
2008-10-11Stephen HallDay 11 - Identification: Other Methods of Identifying an Incident
2008-10-10Marcus SachsDay 10 - Identification: Using Your Help Desk to Identify Security Incidents
2008-10-09Marcus SachsDay 9 - Identification: Log and Audit Analysis
2008-10-08Johannes UllrichDay 8 - Global Incident Awareness
2008-10-07Kyle HaugsnessDay 7 - Identification: Host-based Intrusion Detection Systems
2008-10-06Jim ClausingDay 6 - Network-based Intrusion Detection Systems
2008-10-05Stephen HallDay 5 - Identification: Events versus Incidents
2008-10-04Marcus SachsDay 4 - Preparation: What Goes Into a Response Kit
2008-10-03Jason LamDay 3 - Preparation: Building Checklists
2008-10-02Marcus SachsDay 2 - Preparation: Building a Response Team
2008-10-01Marcus SachsDay 1 - Preparation: Policies, Management Support, and User Awareness
2008-09-30Marcus SachsCyber Security Awareness Month - Daily Topics
2008-09-21Mari NicholsYou still have time!