Barbara McCraryChief Information Security
Officer
Three C’s of Security Awareness:Culture, Change and Creativity
• Culture • Change • Creativity
The Three C’s of Security
Culture, change, and creativity are central to protecting an organization’s data and assets.
• A Company’s Way of Life – Behavior and Practice– Standards– Habits and Routines– Traditions
Culture
Behavior and Practices
– Organization Silos– Communication– Productivity– Environment
Change IT’s Ideas About Effectual Security
• Update Standards• Habits and Routines– Process pertinent data first– Simplify
• Automate Traditional Processes
To improve security and security awareness:
Change!
Change
Keys to Change
• Protecting data is a shared responsibility.
• Encourage active participation from all stakeholders.
Change Everyone’s Idea of Security Awareness
Training• Regular, daily, weekly, monthly
campaigns that look more like conversations than training.– Focused and Small Bites– Reinforce– Applicable
Change Everyone’s Idea of Normal
• Inspire thought and conversation about ethical computing.– Change unethical norms. – Redesign decision processes.– Reinforce organizational ethics
using reminders and currently held communication tools.
What can we really do to encourage ethical and secure corporate behavior?
Get Creative!
Creativity
Incorporate a Variety of Awareness Tools
• Add security to process training.• Send info on trending and current
events.• Include info that applies to
personal lives, families and personal finance.
Designing Security Awareness Materials
• Consider the differences:– generations– gender – seniority
Summing It Up
To quote ― St. Francis of Assisi
“Start by doing what is necessary, then what is possible, and suddenly you are doing the impossible.”
QUESTIONS?