Services

Organizations have few resources to guide them as to how their Security Awareness program should be designed. The resulting program may or may not be acceptable within industry and sector norms. With that in mind Secure Mentem embarked on a groundbreaking research endeavor to isolate and benchmark security awareness efforts throughout industry and by sector for the Fortune 500. We further validated our research by surveying hundreds of security professionals around the world. The result is an extensive, proprietary Security Awareness reservoir of research that allows Secure Mentem to compare an organization to like organizations and industry as a whole. This provides Security Awareness managers and stakeholders the data that they need to request additional resources or to provide auditors and customers with documented proof of the efficacy of their efforts. This service is usually completed as part of a general program assessment, but is also available for organizations that just want to understand how they specifically rate, or to validate their current program.

For organizations that do not want our full Security Awareness as a Service solution, Secure Mentem provides a Security Awareness Program Design Service. This service provides a custom designed Security Awareness program that is tailored to the needs of the organization and their culture. The program includes the identification of the unique cultures that require individualized Awareness programs, integration of metrics, recommendations of topics to be addressed by the program, components that will best suit the different cultures, and a delivery schedule. Secure Mentem also provides guidance on the ongoing evaluation of the Security Awareness program.

Secure Mentem embeds metrics into every Security Awareness program and service that we develop and implement. We also offer metrics as a stand-alone service for organizations to examine and measure efficacy of their current security awareness efforts. Our experts have studied common security awareness topics in-depth and determined ways to measure the root behaviors that demonstrate the effectiveness of security awareness efforts. Additionally, we identified methods to measure the efficacy of the individual awareness components commonly utilized. Our metrics service analyzes the Security Awareness topics addressed and the components implemented by an organization. We then determine the technical resources available to collect metrics. Our report then recommends the metrics to collect, how to collect them, required resources to collect the metrics to ensure that behavioral changes are being accomplished and that Security Awareness components are properly received.

Perhaps the most difficult part of any multinational Security Awareness program is creating the program to impact the entire targeted audience. For a large enterprise, this involves addressing many diverse demographics, cultures, languages, etc. Our Security Awareness Program Internationalization service provides for our experts to examine your organization, and determine the appropriate concerns for creating the same level of success for the Security Awareness Program throughout all geographic regions. We work to determine the appropriate languages, regionally based awareness programs, involvement from local resources and executives, and metrics to ensure a successful international roll-out of a Security Awareness Program.

Secure Mentem’s staff includes experts trained in human intelligence and collection. While many vendors claim to perform Social Engineering few have people who had formal training in human elicitation as a science, as do our staff. We approach Human Elicitation, aka Social Engineering, in such a way as to create metrics in the process. We do not randomly attempt to compromise an organization, but do it in a way that samples the organization as desired to determine the full scope of the problem. This allows us to repeat our tests in the future to determine the effectiveness of the awareness program in place, and be able to recommend specific improvements in the tactics employed in awareness efforts.

When required, we also create Teachable Moments that combine a Social Engineering simulation with Security Awareness materials. In this way, your employees see the immediate effects of poor security behaviors and receive education at the time they are most likely to be receptive to the training. At Secure Mentem, we consider ourselves security professionals. Our goal is to improve security, not just break security, so even when we perform Social Engineering, it is not to just prove that there are Security Awareness flaws, but to determine how to improve the organization’s security culture.

Secure Mentem has extensive experience conceiving and executing a wide variety of Security Awareness related events. We provide instructions and support on how to create and hold a wide variety of events, displays, games, exercises, etc. We provide world class speakers for in-house events, details on creating Computer Security Awareness Month displays and campaigns, among many other outreach efforts. We provide any level of support required to enhance Security Awareness.
Go to Top

Using former Intelligence and Special Forces operatives, Secure Mentem performs Espionage Simulations, where we simulate an attack by a extremely skilled adversary. Using a holistic approach, we exploit an organization in a highly systematic approach. This allows for the collection of metrics, and more importantly, we target information that has clear and distinct value to the organization. This allows us to put a value to poor security awareness behaviors. The outcome is an empirical result that allows organizations to make a valid business decision.
Go to Top

Many Security Awareness programs do not have the staff and/or expertise to be executed properly. Secure Mentem has experts with a wide variety of security awareness expertise to provide required direct or supplemental support for an internal staff. Please contact us with your needs and we will see how we can help.
Go to Top

Phishing is possibly the most widely used Security Awareness tools. Many organizations require support on how to implement Phishing exercises properly, and require support from Secure Mentem. We provide a variety of Phishing support services that ranges from managing the entire Phishing program to assessing the resulting metrics. The most commonly requested services include designing Phishing pretexts, creating Phishing message landing pages, creating videos, and assessing Phishing services to best match the business needs of the organization.