Jan 26 2023

ENISA gives out toolbox for creating security awareness programs

Category: Security Awareness,Security ToolsDISC @ 9:33 am
ENISA gives out toolbox for creating security awareness programs

The European Union Agency for Cybersecurity (ENISA) has made available Awareness Raising in a Box (AR-in-a-BOX), a “do it yourself” toolbox to help organizations in their quest to create and implement a custom security awareness raising program

security awareness toolbox

The package includes:

  • A guideline on how to build an internal cyber-awareness raising program tailored to employees’ needs
  • A guideline on creating an awareness campaign targeted at external stakeholders
  • A how-to guide on how to select the appropriate tools and channels to best reach the target audience and tips for effective communication in social media
  • Instructions on selecting the right metrics and developing key performance indicators (KPIs) to evaluate the effectiveness of a program or campaign
  • A guide for the development of a communication strategy
  • An awareness raising game, in different versions and styles, for a generic audience and for an audience in the energy sector. It also comes with a guide on how it should be played
  • An awareness raising quiz to test comprehension and retention of key information (e.g., how to create good passwords)

Why security awareness matters

People have become cyber-attackers’ primary attack vector, which means that programs for raising cyber awareness are crucial for an organization’s cybersecurity strategy. The goal of these programs is to promote good cybersecurity practices of employees, managers and executives and improve their cybersecurity behavior.

A lot of advice can be found online on how to upgrade your security awareness efforts and engage your employees with better cybersecurity training, but sometimes organizations don’t know where to start.

AR-in-a-BOX can help them wrap their head around the task and push them towards realization.

“AR-in-a-Box is offered by ENISA to public bodies, operators of essential services, large private companies as well as small and medium ones (SMEs). [It] is dynamic and will be regularly updated and enriched,” the agency noted.

ENISA has previously published helpful materials for cybersecurity awareness campaigns aimed at electricity operators and the healthcare sector.

Checkout our previous posts on Security Awareness

DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Follow DISC #InfoSec blog

Ask DISC an InfoSec & compliance related question

Tags: free cybersecurity tools, Security Awareness

Feb 19 2022

CISA compiled a list of free cybersecurity tools and services

Category: Security ToolsDISC @ 9:45 pm
CISA compiled a list of free cybersecurity tools and services

The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced this week that it has compiled a list of free cybersecurity tools and services that can help organizations to reduce cybersecurity risk and increase resilience.

The list is part of an ongoing project, it will be continuously updated by CISA that also plans to allow third parties to propose their resources to include in the list.

The list includes open source tools and free resources provided by government organizations and private cybersecurity firms.

The tools cover a broad range of activities normally conducted by defenders, from incident response to threat detection.

“As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.” reads the announcement published by CISA. “The list is not comprehensive and is subject to change pending future additions.”

The US agency proposed the following categorization according to the four goals outlined in CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats:

  1. Reducing the likelihood of a damaging cyber incident;
  2. Detecting malicious activity quickly;
  3. Responding effectively to confirmed incidents; and
  4. Maximizing resilience.

The list already includes cybersecurity tools and services from major IT and cybersecurity firms, including ones provided by CISA, AT&T Cybersecurity, Cloudflare, Cisco, Center for Internet Security, CrowdStrike, Google, IBM, Microsoft, Mandiant, Splunk, SANS, Secureworks, Tenable, and Palo Alto Networks. The list also includes tens of tools are open source.

CISA pointed out that it does not endorse any commercial product or service.

DISC InfoSec Tools and training

DISC InfoSec Books

DISC InfoSec Services

Tags: CISA, free cybersecurity tools

Feb 24 2021

6 free cybersecurity tools CISOs need to know about

Category: CISO,vCISODISC @ 3:11 pm
Contact DISC

6 free cybersecurity tools for 2021

1: Infection Monkey

Infection Monkey is an open source Breach and Attack Simulation tool that lets you test the resilience of private and public cloud environments to post-breach attacks and lateral movement, using a range of RCE exploiters.

Infection Monkey was created by Israeli cybersecurity firm Guardicore to test its own segmentation offering. Developer Mike Salvatore told told The Stack: “Infection Monkey was inspired by Netflix’s Chaos Monkey.

“Chaos Monkey randomly disables production instances to incentivize engineers to design services with reliability and resilience in mind. We felt that the same principles that guided Netflix to create a tool to improve fault tolerance could be applied to network security. Infection Monkey can be run continuously so that security-related shortcomings in a network’s architecture can be quickly identified and remediated.”

The company recently added a Zero Trust assessment, as well as reports based on the MITRE ATT&CK framework.

Source: 6 free cybersecurity tools CISOs need to know about

Tags: free cybersecurity tools, Infection Monkey