Security Awareness Blog: Category - Security Awareness Planning

Security Awareness Blog:

Human Behavior Modeling - #SecAwareSummit

GeordieEditor's Notes: Geordie Stewart is Principal Consultant for Risk Intelligence and one of the speakers for the upcoming EU Security Awareness Summit in London on 10 July. Geordie is an international speaker on the topic of security awareness and writes a regular risk communications column for the ISSA international journal. Below he discusses his talk and what you will learn from it.

The Human Operating System' is a great concept to


New Approach to Security Behaviour - #SecAwareSummit

Angela Sasse_06Editor's Note:M. Angela Sasse is the Professor of Human-Centred Technology and Head of Information Security Research in the Department of Computer Science at UCL. She is one of the speakers for the upcoming EU Security Awareness Summit in London on 10 July. Below she discusses what her talk will be on and what you can learn from it.

This is the 'cat among pigeons' talk of the security awareness summit: I am going to argue that most security awareness we currently do is misguided. Far too often, we are telling staff to follow security rules that put them in conflict with their main work goals and productivity.


Behaviors First, Then Culture

STH-Image-SecurityAwarenessMaturityModel-TextI'm beginning to notice a trend within the world of security awareness, different groups of people talking about changing behaviors vs. changing culture. Some people talk as if they are separate projectsor even separate goals. While they are different, they are very much related.

Behaviors are the actions or manners of individuals within an environment. To learn more about behavior and changing behaviors I highly recommend the BJ Fogg Behavior Model. Culture is a bit more squishy, it is the attitudes, beliefs and behavioral norms of a group. So which one is more important,


Creating a Security Champions Network - #SecAwareSummit

J.Haren(3)Editor's Notes: John Haren is the head of security awareness for Diageo and one of the speakers for the upcoming EU Security Awareness Summit in London on 10 July. Below he discusses what his talk will be on and what you will learn from it.

Hi folks — I'm John Haren and I will be presenting in London on my experience around creating a network of security champions.I have worked for Diageo for 16 years in a variety of IT roles and I've been in the Information Security area for the last 4 years. I'm married with three children (14, 11, 7) and live just outside Dublin in Ireland. This family life does, as you can imagine, make life


Motivating Staff to Join the Awareness Cause: What the Ambassador Pilot Taught Us

AngelaPappasEditors Note: Today's guest post is from Angela Pappas. Angela helps lead the awareness program at Thomson Reuters, a global organization with over 58,000 people. In this series of blogs Angela shares with us how she established their Security Ambassador Program.

About a month ago I wrote a blog about the Information Security Ambassador program at my company, Thomson Reuters. Our program enlists employees from around the world to educate and raise awareness with staff at their locations. In my blog, I promised to follow up with additional information related to lessons learned, success stories, ideas