When it comes to security awareness, there’s no such thing as a blank canvas. Your audience will already have pre-conceived notions about your topic. The language, tone and media you use will invoke associations in people’s mind, both helpful and unhelpful. These associations will influence how people view the root causes, likelihood and potential outcomes.…
DetailsThe landing gear light indicated a problem. The captain, first officer and flight engineer of Eastern Air Lines Flight 401 tried to figure out what was wrong. They removed the light assembly and the flight engineer left his position to go to the avionics bay and investigate. They were so preoccupied with a burnt out…
DetailsOther than educational initiatives for schools, governments haven’t traditionally run large scale security awareness campaigns directly to the public. This has changed the United Kingdom with the introduction of the CyberStreetWise Campaign. CyberStreetWise is a cross-government campaign funded by the National Cyber Security Programme using the agency M&C Saatchi. The website features interactive security advice…
DetailsSo you’re an IT geek and you’ve just been put in charge of your organisation’s security awareness? If only there was a manual or a white paper about how to program those tricky humans to be more reliable. Unfortunately, there’s no such batch job as fix_humans. The next best thing is to build your understanding…
DetailsLong suffering readers of this column will be familiar with the importance of security culture in driving behavioural change. This month I caught up with Kai Roer, founder of the Roer Group and author of Build a Security Culture. Kai has created a free resource called the Security Culture Framework and runs a blog at…
DetailsIn our efforts to promote secure behaviour, our task is often made more difficult by the fact that often the people we need to influence are often not the same people who would suffer in the event of a security breach. Typically, the people who would suffer most in the event of a breach are…
DetailsShould we try to reason with criminals? Is the threat of punishment the only influence that criminals will respond to? What should we do when we suspect people are taking data with them when they leave a company, leaking to the competition or stealing equipment from the office but can’t prove it? As well as…
DetailsI’m always genuinely excited to find someone doing something new in the field of security awareness. This month I caught up with Sarah Janes, Managing Director at Layer 8 Ltd. Sarah started her career running security awareness at British Telecom (BT) and has delivered award winning behavioural change programmes to FTSE 100 companies. Her team…
DetailsSecurity policies are a great opportunity to influence behaviour. Unfortunately, for a variety of reasons they’re not usually as effective as they could be. Despite our efforts to sell the value of information security, actually reading a policy is less popular than a fart on a plane. There’s a reason that a security policy has…
DetailsFor those not familiar with the case, TJ Hooper was a landmark in tort law that established an important standard for negligence. The case was heard in 1932 to assign liability for a lost cargo. A tug towing the cargo on a barge had set to sea in good weather but later that night there…
Details
