28 days of awareness: day 28

Well here we are at the climactic end of another successful month. 

The ransomware awareness materials were all packaged up and despatched to our customers with our good wishes. Job done for us - well almost. We've also updated the website and this blog, and generally tidied up in the office. 

This is how the completed module ended up:

There are 34 files and 56 Mb of content (52 megs zipped), all fresh and most of it prepared from scratch this month.

If these awareness materials would be of value to your security awareness program, please let me know. Is ransomware of concern in your organization? Do you have all the relevant controls in place, and are they all working well - including the all-important vigilance of workers using email and the web, competent management oversight and incident responders primed to leap into action at the first inkling of trouble? We can help you with all that, and more. We'd love to help.

Meanwhile, there are customers to contact, sales prospects to chase up, new inquiries to deal with, salaries and bills to pay, accounts to maintain, broken IT things to fix (again) and all the other things that go on in any business. March is the end of our financial year so we need to get up to date with our invoices and expenses and all that bean-counter jazz. As a manager once told me, we need to "Keep our balls in the air", a disturbing image that has haunted me for decades.

Before leaping lithely back aboard the hamster wheel to prepare the next awareness module, we might just manage a short break - well, when I say 'break' I actually mean doing something other than awareness. There is never a shortage of things on the to-do list - fences and cattle yards to mend, animals to shuffle around the paddocks, rooms to decorate, holes to dig, water to pump. Right now there are guys with big chainsaws and monstrous machines clearing trees from the forest along our track which means an over-abundance of both firewood (great) and potholes (not so great). 

I'm part way through writing a set of security metrics for ISO/IEC 27001, one of those jobs that sounded great but turned out to be a slog. The metrics for the management system part are pretty much done, leaving the small matter of developing and documenting metrics for well over 100 information security controls in Annex A of the standard. It turns out I'm literally writing a book.

On top of that, we've kindly been donated additional materials for the free ISO27k Toolkit, and received an offer to translate some of the existing stuff into Polish. Earlier this morning a polite Belgian gent was seeking permission to use the ISO27k materials in a massive project, so a Flemish version might be handy, except my foreign language skills are abysmal and I don't know any native Flemish speakers with an interest in information security and too much free time on their hands!