A common misconception I run into with awareness materials is that they cannot change behaviors. Take posters, for example. We released a new security awareness poster called "You Are A Target", which explains to Ordinary Computer Users why they are a target and identifies all the different ways criminals can make money off of you. This is a great way to engage people and help them understand why they need to be secure. However, a common reply I get from the technical security community is that a single poster is lame and will never change human behavior. Why do we even bother?
*sigh*, of course a single poster will never change human behavior. Nor will a single newsletter, a single video or a single blog post. If you are going to effectively change human behavior, you need to continually reach out to people and reinforce key behaviors. So no, a single poster will not save the day. However, if your poster is combined with newsletters, combined with videos, and combined with phishing assessments over a long period of time, then yes, you can and will change human behavior.
For awareness to be effective, you can't look at a single item or a single training. You have to look at the entire package: is everything working together towards the same goal? For more resources on how to plan your awareness program, be sure to check out our free resources section.

Posted February 13, 2013 at 5:00 PM
Robert David Graham
The SANS/Krebs poster educates. Education is good, awareness is lame. There are too many posters like the humorous Darth Vader Encryption one and not enough like the SANS one.
Posted February 13, 2013 at 5:26 PM
lspitzner
Rob, thanks for joining in! I both agree and disagree with you. Yup, a simple sticker is not going to change any behaviors, it will definitely not educate. But it will remind. So if staff have had training on the importance of encryption, and how to use encryption, fun stickers like this can help remind people to make sure that PII always goes on only encrypted systems. Would this work for a law firm? Nope, not a cultural fit. Would this work for non-corporate cultures, such as tech companies? It just might.