Security Awareness Resources

Tools, references, and learning materials for the Human Firewall: Security Awareness course

Human Firewall: Security Awareness Resources

This page contains additional resources, references, and tools to support your learning journey in security awareness and program development.

Security Awareness Frameworks and Guides

Program Development Frameworks

• SANS Security Awareness Maturity Model - Framework for program development
• NIST SP 800-50 - Building an Information Technology Security Awareness Program
• NIST SP 800-16 - Information Security Training Requirements
• ISO/IEC 27001:2022 Annex A.7.2.2 - Information security awareness, education, and training
• CIS Controls v8 - Control 14 - Security Awareness and Skills Training

Behavior and Culture Models

• Security Culture Framework - Methodology for building security culture
• BJ Fogg Behavior Model - Understanding motivation, ability, and prompts
• COM-B Model - Capability, Opportunity, Motivation, Behavior
• MINDSPACE Framework - Influences on behavior
• Security Behavior Intentions Scale (SeBIS) - Measuring security attitudes

Threat Intelligence Resources

Phishing and Social Engineering

• APWG Phishing Activity Trends Reports - Quarterly analysis of phishing trends
• Phishing.org - Educational resources on phishing
• PhishTank - Community-verified phishing URL database
• Social-Engineer.org - Social Engineering Framework
• Cofense Phishing Threat Center - Phishing threat intelligence

Threat Reports and Analysis

• Verizon Data Breach Investigations Report - Annual analysis of breach trends
• IBM X-Force Threat Intelligence Index - Global threat landscape
• Proofpoint State of the Phish Report - Phishing trends analysis
• Microsoft Digital Defense Report - Global threat trends
• ENISA Threat Landscape - European perspective on threats

Training and Awareness Tools

Phishing Simulation Platforms

• KnowBe4 - Security awareness training and phishing simulation
• Cofense PhishMe - Phishing simulation platform
• Infosec IQ - Security awareness platform
• Terranova Security - Security awareness and phishing
• Gophish - Open-source phishing framework

Learning Management Systems

• Moodle - Open-source learning platform
• Canvas LMS - Learning management system
• TalentLMS - Cloud-based learning platform
• Docebo - AI-powered learning platform
• SAP Litmos - Training platform

Content Creation Tools

• Articulate 360 - E-learning development suite
• Adobe Captivate - Interactive learning content
• Canva - Graphic design platform
• Powtoon - Animated video creation
• H5P - Interactive content creation

Gamification and Engagement

• Kahoot! - Game-based learning platform
• Badgr - Digital badges and credentials
• Quizlet - Learning tools and flashcards
• Mentimeter - Interactive presentations
• Classcraft - Gamification platform

Security Awareness Content

Free Awareness Materials

• SANS Security Awareness Resources - Free security awareness materials
• National Cyber Security Centre (UK) - Security guidance and resources
• FTC Business Resources - Privacy and security resources
• CISA Cybersecurity Resources - Security awareness materials
• Stop.Think.Connect - Cybersecurity awareness campaign

Video Resources

• SANS Security Awareness YouTube Channel - Security awareness videos
• National Cybersecurity Alliance Videos - Cybersecurity education videos
• Cybersecurity & Infrastructure Security Agency (CISA) Videos - Security awareness content
• Infosec IQ YouTube Channel - Security awareness videos
• Hacker Awareness Videos - Educational hacker videos for awareness

Interactive Training

• OUCH! Newsletter - Monthly security awareness newsletter
• Have I Been Pwned - Check if accounts have been compromised
• Password Strength Testers - Test password strength
• Phishing Quiz - Google’s phishing identification quiz
• Cyber Hygiene Quiz - Test basic security knowledge

Measurement and Analytics

Survey and Assessment Tools

• SurveyMonkey - Online survey platform
• Google Forms - Free survey tool
• Qualtrics - Experience management platform
• LimeSurvey - Open-source survey software
• Microsoft Forms - Survey and quiz tool

Analytics Platforms

• Google Analytics - Web analytics service
• Matomo - Open-source web analytics
• Power BI - Business analytics tool
• Tableau - Data visualization software
• R - Statistical computing environment

Security Metrics Resources

• Security Metrics: A Beginner’s Guide - CIS guide to metrics
• NIST SP 800-55 - Performance Measurement Guide for Information Security
• Measuring Security Awareness - SANS guidance
• Return on Security Investment (ROSI) Calculator - ENISA tool
• Security Culture Survey - Assessment tool

Learning Resources

Books

• Managing the Human Factor in Information Security by David Lacey
• Security Awareness: Applying Practical Security in Your World by Mark Ciampa
• The Security Culture Playbook by Perry Carpenter and Kai Roer
• Social Engineering: The Science of Human Hacking by Christopher Hadnagy
• Transformational Security Awareness by Perry Carpenter

Academic Research

• Journal of Cybersecurity - Academic cybersecurity research
• Computers & Security - Journal focusing on security
• Journal of Information Security and Applications - Security research
• Human-Centric Computing and Information Sciences - Human aspects of computing
• Psychology of Security Bibliography - Curated by Bruce Schneier

Online Courses

• SANS Security Awareness Professional (SSAP) - Professional certification
• Coursera Cybersecurity Awareness and Innovation - University of Colorado course
• edX Cybersecurity Awareness - RITx course
• LinkedIn Learning Security Awareness Training - Various courses
• MOOC Cybersecurity Awareness - Introduction to cybersecurity

Podcasts and Webinars

• Security Awareness Podcast - SANS podcast
• The Social-Engineer Podcast - Social engineering focus
• Smashing Security - Security news with humor
• Human Factor Security - Human aspects of security
• Defensive Security Podcast - Security from a defensive perspective

Professional Communities

Organizations and Associations

• SANS Security Awareness Community - Awareness professionals
• National Cybersecurity Alliance - Public-private partnership
• Anti-Phishing Working Group (APWG) - Anti-phishing coalition
• Information Security Forum (ISF) - Security professionals organization
• Association of Information Security Professionals (AISP) - Professional association

Online Communities

• Reddit r/cybersecurity - Cybersecurity community
• Reddit r/AskNetSec - Security questions and answers
• LinkedIn Security Awareness Professionals Group - Professional networking
• Spiceworks Security - IT professional community
• Stack Exchange Information Security - Q&A for security professionals

Course-Specific Materials

Templates and Tools

• Awareness program charter template
• Phishing simulation communication templates
• Security awareness content calendar
• Training needs assessment questionnaire
• Security culture survey template
• Metrics dashboard template
• Security champion program toolkit
• Incident response guide for employees
• Security awareness budget planning tool
• Program effectiveness evaluation framework

Awareness Campaign Materials

• Sample email templates
• Poster and digital signage designs
• Newsletter templates
• Infographic templates
• Microlearning module examples
• Security tips and one-pagers
• Desktop wallpaper and screensaver samples
• Security awareness event planning guide
• Recognition and reward program examples

---

This resource list will be updated throughout the course. If you have suggestions for additional resources, please share them in the course forum.