Today’s Whatis.com Word of the Day is security awareness training, a formal process for educating employees about corporate policies and procedures for working with information technology (IT).

With all the pressures a busy security manager has to deal with, documenting end user security awareness is often low on the list.  That’s why computer-based training (CBT) is so popular.

Unfortunately, CBT can be boring.  It’s SO boring, in fact, that in education it’s often referred to as “drill and kill.”

At last, it seems as if security end user awareness trainers are taking a look at how elementary school educators keep drills interesting — they turn them into games and personalize them.

For instance, if you were an elementary teacher and had to get your students through a daunting amount of word problems to prepare students for standardized testing, you might substitute the names the textbook uses in the word problems for that of your own students and insert students photos or drawing next to the problem.

Or you might turn a drill into a game of Pictionary or Jeopardy or Wheel of Fortune.  The bottom line is that anything you can do to make learning fun is as important for adult learners as it is for young ones.

Today’s WhatIs.com Word of the Day is context-aware network access control (CANAC), an approach to managing the security by granting access to network resources according to contextual-based security policies. The endpoint device is granted access, quarantined or blocked from the network depending on the device’s type, location, identity and the operating system or applications running on it.

Today’s WhatIs.com Word of the Day is smart meter hack.  If you live way out in the country, you may still have an old-fashioned spinning mechanical electrical meter, but you are fast becoming the exception. Ironically, the very features that motivate power companies to install smart meters also make them vulnerable to new kinds of attacks. According to an FBI bulletin, smart meter hacks may end up costing utility companies about $400 million per year.

Keep your eye out for a new kind of service provider who will independently verify the security of AMI components and the smart networks they use.

Today’s WhatIs.com Word of the Day is iris recognition, the identification of an individual based on the unique patterns within the ring-shaped region surrounding the pupil of the eye.

Melissa Hathaway, Government Must Keep Pace with Cybersecurity Threats

Today’s WhatIs.com Word of the Day is Cybersecurity Enhancement Act 2009. Melissa Hathaway does an excellent job summarizing all the cybersecurity legislation efforts currently in place.

Dr. David Basin, Integrating security into the system development process

Today’s WhatIs.com Word of the Day is Common Criteria.

Robert Westervelt, Security expert predicts criminals to take cyber extortion tactics to the U.S.

Today’s WhatIs.com Word of the Day is cyberextortion.

Robert Jamison, as quoted in Analysis: Einstein and U.S. cybersecurity

Today’s WhatIs.com Word of the Day is EINSTEIN.

Roger L. Caslow,as quoted in New Document Provides Framework for Interagency Data Sharing

Roger L. Caslow is chief of the Risk and Information Assurance Program Division, Office of the Associate Director of National Intelligence and Chief Information Officer. He’s talking about NIST Special Publication 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (NIST SP 800-37) and apparently he doesn’t like to have his picture taken.

Henry Kenyon describes the special publication as a six-step risk management framework (RMF); a common information security framework for the federal government and the contractors who support it. The official diagram is below:

Bob Sullivan, Give me your money, or your computer gets it

Today’s WhatIs.com Word of the Day is ransomware.