Martin Luther King said ‘I have a dream’, not ‘I have a plan’
– Simon Sinek
Engaging end users using marketing, psychology and safety theory.
About Geordie Stewart
His award winning masters thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA he challenges conventional thinking on risk culture and communication.
In addition to senior security management roles in large UK organisations Geordie writes the security awareness column for the ISSA international journal.
It’s been a huge year for information security in the public eye. Security was constantly in the news and has popped up in ways we never expected. Who could have guessed that phishing attacks and a private email server would help derail a US presidential campaign? We had Apple vs the FBI. Much like the…Details
There’s an on-going battle to influence public opinion about the balance between privacy and surveillance. Law enforcement officials tell us we’re in danger. Security experts offer commentary. A movie is coming out about Snowden. Some participants in the debate are trying to help inform the public. Others are polluting the debate by cynically exploiting people’s…Details
It’s been a huge year for security awareness. Terrorist attacks, corporate security breaches and ongoing concerns about government surveillance have meant that people are more aware of information security than ever before. Everyone from politicians to pensioners has been talking about who has access to their data. The beginning of the year saw a lively…Details
Most people have no idea of the dozens of ways that their information could be used to cause them harm. As security professionals, we try to raise awareness that all information and computers have an intrinsic value. That no matter how small or trivial, someone out there would like to steal it, leak it or…Details
Have security professionals helped make the privacy of citizens around the world ‘collateral damage’ in the hunt for terrorists?
Due to Edward Snowden’s disclosures we are now aware that millions of people have been unwittingly monitored by systems of indiscriminate surveillance. Many of these systems, having been developed in secret, were only possible due to the support of a large number of security professionals. We can suppose that the creators and operators of these systems are attempting to achieve legitimate objectives on behalf of their respective societies. What is less clear is if these systems do more harm than good or if the costs and risks of these activities have been fully understood, let alone accepted by the societies that bear the costs. Do the costs and potential harms of indiscriminate systems outweigh the benefits? Has privacy been compromised without due cause? If so, is it ethical for security professionals to support such systems?Details
A common objective of information security awareness is to encourage whistleblowers to use internal mechanisms to report their concerns. External whistleblowing and the airing of concerns in public view risks brand damage and exposure of sensitive information. The Snowden affair has shown how divided we are on the ethics of external whistleblowing. To date, much of the debate has been speculation about Snowden’s character flaws. Sometimes when trying to understand a controversial decision such as Snowden’s it helps to understand the chain of events leading up to the decision since failures in complex systems can rarely be given justice in a single newsbyte. In this case there are a series of failures that occurred prior to the employee of a subcontractor deciding to flee the country and leak sensitive information to foreign journalists:Details