Building a Culture of
Digital Self Defense
Ben Woelk, CISSP, CPTC
Program Manager
Rochester Institute of Technology
4 October 2018
Why Build a Culture of Digital Self Defense?
OR
Who Am I?
• Member, EDUCAUSE HEISC Awareness and
Training Working Group
• Vice President, Society for Technical
Communication, Associate Fellow (2018)
• Adjunct professor teaching Intro to Computing
Security and technical communication classes at
the Rochester Institute of Technology
• Practice areas in security awareness, policies
and procedures, introverted leadership
development, mentoring
© Ben Woelk 2018
Key Points
• The Problem
• Changing the Culture
• Awareness Plan Basics
• Measuring Your Success
THE PROBLEM
Security Awareness isn’t Working
– Why not?
– “The fact is that people know the answer to awareness
questions but they do not act accordingly to their real life
(ISF, 2014, NIST, 2003).” (Bada and Sasse, 2014)
Why Not?
1. Not understanding what security awareness really is
2. Reliance on checking the box
3. Failing to acknowledge that awareness is a unique discipline
4. Lack of engaging and appropriate materials
5. Not collecting metrics
6. Unreasonable expectations
7. Relying upon a single training exercise
Winkler, Ira and Manke, Samantha (2013). 7 Reasons for Security Awareness Failure, CSO Magazine, July 10.
Retrieved from http://www.csoonline.com/article/2133697/metrics-budgets/7-reasons-for-security-awareness-failure.html
Wrong Behaviors?
• What are we saying our users should do?
• Google Research
http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html
THE SOLUTION
Culture Change
• Culture--the set of shared attitudes, values, goals, and
practices that characterizes an institution or
organization (Merriam Webster)
• What would culture change look like?
Success Factors
1. Security awareness has to be professionally prepared and organised in
order to work.
2. Invoking fear in people is not an effective tactic, since it could scare
people who can least afford to take risks.
3. Security education has to be more than providing information to users – it
needs to be targeted, actionable, doable and provide feedback.
4. Once people are willing to change, training and continuous feedback is
needed to sustain them through the change period.
5. Emphasis is necessary on different cultural contexts and characteristics
when creating cyber security-awareness campaigns.
Bada, Maria; Sasse, Angela; Nurse, Jason R. C. Cyber Security Awareness Campaigns: Why do they
fail to change behavior? Conference paper. January 2015.
Making Good Security Habitual
• Contextualization
• Repetition and Branding
• Reward
An impossible dream?
AWARENESS PLANS
Building the Plan
• Determine Goal
• Identify and Profile Audience
• Develop Messages
• Select Communication Channels
• Choose Activities and Materials
• Establish Partnerships
• Implement the Plan
• Evaluate and Make Mid-Course Corrections
Woelk and Schaufler, It Doesn't Take Magic: Tricks of the Trade to Create an Effective Security Awareness Program
Implementing the Plan
Topics and Activities (Monthly or Quarterly)
– Topics (top three cyber security issues)
– Specific audiences and deliverables
– Calendar of Deliverables
METRICS
Measuring Your Success
• What can and should we measure?
– Number of incidents?
– Engagement?
– Specific areas
• Phishing
• Compliance issues
• BYOD or mobile device management
• Data loss/leakage prevention
McElroy, Lori, and Eric Weakland. “Measuring the Effectiveness of Security Awareness Programs” (Research Bulletin). Louisville, CO: EDUCAUSE Center for Analysis and Research,
December 16, 2013
Discuss
Ben Woelk
Ben.woelk@rit.edu
ben@benwoelk.com
Resources
• Woelk, Ben. “Building a Culture of Digital Self Defense,” EDUCAUSE Review
Security Matters blog, September 20, 2016
• Woelk, Ben. The Successful Security Awareness Professional: Foundational Skills
and Continuing Education Strategies. Research bulletin. Louisville, CO: ECAR,
August 10, 2016
• _________W.H. Kellogg Foundation, Strategic Communication Plan,
https://www.wkkf.org/resource-directory/resource/2006/01/template-for-strategic-communications-plan
• Various, EDUCAUSE Security Awareness
https://library.educause.edu/topics/cybersecurity/security-awareness
• Templates, Presentation, Resources list
https://drive.google.com/drive/folders/0B45bhFW7CueDbkVGQ1JXMzdFYXM?usp=sharing
Thank You

Editor's notes

  1. How do we get there? Strategic communications, not just reactive. Tactical implementation.