Engaging end users using marketing, psychology and safety theory.
About Geordie Stewart
His award winning masters thesis at the Royal Holloway Information Security Group examined information security awareness from a fresh perspective as a marketing and communications challenge. In his regular speaking appearances at international information security conferences such as RSA, ISACA and ISSA he challenges conventional thinking on risk culture and communication.
In addition to senior security management roles in large UK organisations Geordie writes the security awareness column for the ISSA international journal.
Awareness Blog
Angela’s Ashes: Exploding the Myth of Usable Security
This month I caught up with Angela Sasse, Professor of Human-Centred Technology in the Department of Computer Science at University College London, UK. She has had a huge impact on the field of usable security having worked in this field since 1996. Her background in psychology has enabled her to look at human security problems…
DetailsFive Minutes With Bernadette Palmer
This month I caught up with Bernadette Palmer, Head of Head of Communications at The Security Company (International) which is a UK based security awareness agency. Bernadette has more than 18 years experience in communications focusing on behavioural change. How much do you think it has helped you in the security awareness field to have…
DetailsThe Slippery Slope
Liu Tienan didn’t start out taking millions of dollars in bribes. His first bribe in 2002 was for three thousand dollars. Over time the bribes escalated. When he was caught in 2013 it’s estimated that he accepted nearly six million dollars for abusing his position as Deputy Head of China’s National Development and Reform Commission (NDRC). The…
DetailsBaby Steps
There’s great news in the quest for improving security awareness. Help is at hand from a new joint publication from the Research Institute in Science of Cyber Security (RISCS), Hewlett Packard Enterprise (HPE) and CESG – the UK government’s National Technical Authority for Information Assurance. Awareness Is Only The First Step is a superb précis of best…
DetailsThe Security Advice Magic Quadrant
The challenge of how we structure, analyse and select the security advice we deliver to end users has been a reoccurring topic in this column. We can’t provide unlimited advice to unlimited people so we need to prioritise. Costs need to be understood. We need to consider not just the displacement of productive activities for…
DetailsSecurity Awareness in 2015
It’s been a huge year for security awareness. Terrorist attacks, corporate security breaches and ongoing concerns about government surveillance have meant that people are more aware of information security than ever before. Everyone from politicians to pensioners has been talking about who has access to their data. The beginning of the year saw a lively…
Details