If you accept all the praise, you have to accept all the critics.
– Chris Brogan, famous blogger
Engaging end users using marketing, psychology and safety theory.
About Geordie Stewart
His award winning masters thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA he challenges conventional thinking on risk culture and communication.
In addition to senior security management roles in large UK organisations Geordie writes the security awareness column for the ISSA international journal.
The challenge of how we structure, analyse and select the security advice we deliver to end users has been a reoccurring topic in this column. We can’t provide unlimited advice to unlimited people so we need to prioritise. Costs need to be understood. We need to consider not just the displacement of productive activities for…Details
It’s been a huge year for security awareness. Terrorist attacks, corporate security breaches and ongoing concerns about government surveillance have meant that people are more aware of information security than ever before. Everyone from politicians to pensioners has been talking about who has access to their data. The beginning of the year saw a lively…Details
Exploiting human firewalls through social engineering is an increasingly popular method of attack. Recently, a hacker has claimed that they compromised CIA Director John Brennan’s email by tricking a Verizon employee into divulging details of his account. These human exploits are likely to get worse as technical controls improve and organizations continue to liberalize their…Details
For those not familiar with the case, TJ Hooper was a landmark in tort law that established an important standard for negligence. The case was heard in 1932 to assign liability for a lost cargo. A tug towing the cargo on a barge had set to sea in good weather but later that night there…Details
Security policies are a great opportunity to influence behaviour. Unfortunately, for a variety of reasons they’re not usually as effective as they could be. Despite our efforts to sell the value of information security, actually reading a policy is less popular than a fart on a plane. There’s a reason that a security policy has…Details
I’m always genuinely excited to find someone doing something new in the field of security awareness. This month I caught up with Sarah Janes, Managing Director at Layer 8 Ltd. Sarah started her career running security awareness at British Telecom (BT) and has delivered award winning behavioural change programmes to FTSE 100 companies. Her team…Details