Showing posts with label organizational security.

Tuesday, July 23, 2013

SANS cyber security awareness training for eager utility employees ... and their regulators

I recently stumbled upon some excellent online training materials from the well-respected SANS Institute that could be quite useful to you and your organization.

In a series of online modules, many of them tailored to the particular needs of utilities, SANS "Securing the Human" courseware seems to be an easily digestible, self-paced way to get important cyber security awareness messages across to a large number of users.

Note: NERC CIP content here is constructed around version 3, so with newer versions now approved by NERC and FERC, SANS will want to update certain modules accordingly. But 99% of the material is right on the mark, and would be appropriate for electric sector personnel outside the US as well.

Wherever you fit in the ecosystem, whether you're an executive or a rank-and-file worker bee, whether you're in a utility, a regulatory agency, a vendor, or just a user of digital technology who wants to stay safe, I recommend you check it out.

---------------

SANS URL:

http://www.securingthehuman.org/utility/index

Wednesday, May 22, 2013

Cyber Achilles Heel Afflicts Electric Sector (and other) Senior Leaders


Just for fun, let's begin with a few quotes of the mind-blower variety from an article in yesterday's Wall Street Journal:

"Executives are disconnected from reality when it comes to IT and security."

"Top leaders seem particularly inclined to do things their IT departments warn against, such as opening email from unfamiliar senders, or clicking on links."

"During ... simulated attacks, top executives are 25% more likely to click on the links that in a real attack could install malware. One reason ... is that most senior leaders skip company programs on developing cautious email habits."

You can visit the WSJ page below for the full article and attribution.

But wow. What a cyber Achilles Heel we've got if the folks with access to the most important, most sensitive info in our companies are the easiest to scam into coughing it up.