Security Awareness Planning Kit

And here’s a Security Awareness Planning Kit, if you ever wanted one (I did!): https://sans.org/sites/default/files/2020-06/SANS-SecurityAwarenessPlanningKit.zip

Example Project Charter: Project Charters are the first step in planning any large-scale project or initiative. This covers the key elements of a Project Charter for a new Security Awareness Program.
Example Project Plan: A detailed example of what a complete Project Plan can look like for a comprehensive Security Awareness Program.
Presentation: Slide deck to help you gain leadership’s support for your security awareness program.
Metrics Matrix: This interactive matrix identifies and documents numerous ways to measure security behaviors, culture and strategic impact of your security awareness program.
Phishing Planning Guide: This strategic guide walks you through the key elements of planning a successful phishing program.
Maturity Model: The Security Awareness Maturity Model is a key part of planning and communicating your awareness program. Both the model and a detailed breakdown of each stage are provided in your planning kit.
Annual Program Schedule: These templates provide examples of how you can visually document your overall security awareness plan.
SANS Security Awareness Report: This annual data-driven report enables you to benchmark your program against other organizations and prioritize your resources and initiatives.
Working from Home Deployment Kit: Everything you need to quickly plan and deploy a Work from Home security awareness training program. Includes a strategic planning guide, training videos and additional materials in over thirty languages.

OAuth2: short summarized overview

Background

  • Authenticating a third-party application with the user's own credentials
  • the credentials (passwords) must be stored in the third-party application
  • the third-party application's access cannot be restricted, because it holds the full credentials

Roles

  • Resource owner: entity granting access to a resource, could be an end-user
  • Resource server: providing the protected resource (data), accepting
  • Client application: e.g. an application making
  • Authorization server: authorizing the client application to access the resource data by issuing
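To make the contrast between the Background bullets and the four roles concrete, here is an added, in-process toy model (example code, not part of the original post and not a real OAuth2 library). The resource server, authorization server, client ("printshop") and resource owner ("alice") are all constructed names; the "photo album" data, the password and the scope strings `photos:read` / `photos:delete` are made up for the illustration. It shows why sharing a password gives the client everything the owner can do, while a scoped token issued by the authorization server can be limited to one operation and revoked without touching the password.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass
class Token:
    """What the authorization server remembers about one issued access token."""
    owner: str            # resource owner who consented
    client_id: str        # client application the token was issued to
    scopes: FrozenSet[str]
    expires_at: float


class AuthorizationServer:
    """Issues scoped, expiring, revocable tokens (toy in-memory store)."""

    def __init__(self, ttl_seconds: float = 3600):
        self._tokens: Dict[str, Token] = {}
        self._ttl = ttl_seconds

    def issue_token(self, owner: str, client_id: str, granted_scopes: set) -> str:
        # Only the scopes the resource owner actually consented to go into the token.
        value = secrets.token_urlsafe(32)
        self._tokens[value] = Token(owner, client_id, frozenset(granted_scopes),
                                    time.time() + self._ttl)
        return value

    def introspect(self, value: str) -> Optional[Token]:
        tok = self._tokens.get(value)
        if tok is None or tok.expires_at < time.time():
            return None
        return tok

    def revoke(self, value: str) -> None:
        # Revocation never requires the owner to change their password.
        self._tokens.pop(value, None)


class ResourceServer:
    """Holds the protected resource and decides who may touch it."""

    def __init__(self, auth: AuthorizationServer,
                 photos: Dict[str, List[str]], passwords: Dict[str, str]):
        self._auth = auth
        self._photos = {u: list(p) for u, p in photos.items()}
        self._passwords = dict(passwords)  # constructed toy login DB

    # --- legacy pattern from the Background bullets: client holds the password ---
    def _check_password(self, user: str, password: str) -> None:
        if self._passwords.get(user) != password:
            raise PermissionError("bad credentials")

    def delete_photo_with_password(self, user: str, password: str, name: str) -> bool:
        # Whoever holds the password is indistinguishable from the owner:
        # nothing can be restricted.
        self._check_password(user, password)
        self._photos[user].remove(name)
        return True

    # --- OAuth2 pattern: client presents a scoped token, never the password ---
    def _require(self, token_value: str, scope: str) -> Token:
        tok = self._auth.introspect(token_value)
        if tok is None:
            raise PermissionError("invalid or expired token")
        if scope not in tok.scopes:
            raise PermissionError(f"token lacks scope {scope}")
        return tok

    def list_photos(self, token_value: str) -> List[str]:
        tok = self._require(token_value, "photos:read")
        return list(self._photos[tok.owner])

    def delete_photo(self, token_value: str, name: str) -> bool:
        tok = self._require(token_value, "photos:delete")
        self._photos[tok.owner].remove(name)
        return True


def demo() -> dict:
    """Runs both patterns against constructed data and returns the outcomes."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth, photos={"alice": ["beach.jpg", "cat.jpg"]},
                        passwords={"alice": "alice-pw"})
    results = {}
    # Credential sharing: the client can do anything alice can, including delete.
    results["legacy_can_delete"] = rs.delete_photo_with_password("alice", "alice-pw", "cat.jpg")
    # OAuth2: alice (resource owner) lets "printshop" (client) read, not delete.
    token = auth.issue_token("alice", "printshop", {"photos:read"})
    results["oauth_read"] = rs.list_photos(token)
    try:
        rs.delete_photo(token, "beach.jpg")
        results["oauth_can_delete"] = True
    except PermissionError:
        results["oauth_can_delete"] = False
    auth.revoke(token)  # alice withdraws consent; her password is unchanged
    try:
        rs.list_photos(token)
        results["after_revoke"] = True
    except PermissionError:
        results["after_revoke"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The four roles map directly onto the objects: `alice` is the resource owner, `ResourceServer` serves the protected data, `"printshop"` is the client application, and `AuthorizationServer` is the only party that mints tokens. In a real deployment the introspection call would be a network request (or a signature check on a self-contained token) rather than a dictionary lookup, but the trust boundaries are the same.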
