Martin Luther King said ‘I have a dream’, not ‘I have a plan’
– Simon Sinek
Engaging end users using marketing, psychology and safety theory.
About Geordie Stewart
His award-winning master's thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA, he challenges conventional thinking on risk culture and communication.
In addition to senior security management roles in large UK organisations, Geordie writes the security awareness column for the ISSA international journal.
When people use their work email addresses to register for external websites it causes a security risk because so many people reuse the same password for all their accounts. When an external account is breached and the password is disclosed it means that our internal systems could be at risk as well as other external…
We’re struggling to manage cyber security risk. Partly it’s because attackers are more agile than defenders. But it’s also because we struggle to get accurate information to make good risk management decisions. To make good risk management decisions we need to understand who the threat actors are, their capabilities, how likely it is that we…
It’s been a huge year for information security in the public eye. Security was constantly in the news and has popped up in ways we never expected. Who could have guessed that phishing attacks and a private email server would help derail a US presidential campaign? We had Apple vs the FBI. Much like the…
This month I caught up with Lance Spitzner, Director of SANS Securing The Human. Lance has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and has published three security books. Lance has worked and consulted in over 25 countries and helped more than 350 organizations plan, maintain…
There’s great news in the quest for improving security awareness. Help is at hand from a new joint publication from the Research Institute in Science of Cyber Security (RISCS), Hewlett Packard Enterprise (HPE) and CESG – the UK government’s National Technical Authority for Information Assurance. Awareness Is Only The First Step is a superb précis of best…
The challenge of how we structure, analyse and select the security advice we deliver to end users has been a reoccurring topic in this column. We can’t provide unlimited advice to unlimited people so we need to prioritise. Costs need to be understood. We need to consider not just the displacement of productive activities for…