Barbara McCraryChief Information Security

Officer

Three C’s of Security Awareness:Culture, Change and Creativity

• Culture • Change • Creativity

The Three C’s of Security

Culture, change, and creativity are central to protecting an organization’s data and assets.

• A Company’s Way of Life – Behavior and Practice– Standards– Habits and Routines– Traditions

Culture

Behavior and Practices

– Organization Silos– Communication– Productivity– Environment

Change IT’s Ideas About Effectual Security

• Update Standards• Habits and Routines– Process pertinent data first– Simplify

• Automate Traditional Processes

To improve security and security awareness:

Change!

Change

Keys to Change

• Protecting data is a shared responsibility.

• Encourage active participation from all stakeholders.

Change Everyone’s Idea of Security Awareness

Training• Regular, daily, weekly, monthly

campaigns that look more like conversations than training.– Focused and Small Bites– Reinforce– Applicable

Change Everyone’s Idea of Normal

• Inspire thought and conversation about ethical computing.– Change unethical norms. – Redesign decision processes.– Reinforce organizational ethics

using reminders and currently held communication tools.

What can we really do to encourage ethical and secure corporate behavior?

Get Creative!

Creativity

Incorporate a Variety of Awareness Tools

• Add security to process training.• Send info on trending and current

events.• Include info that applies to

personal lives, families and personal finance.

Designing Security Awareness Materials

• Consider the differences:– generations– gender – seniority

Summing It Up

To quote ― St. Francis of Assisi

“Start by doing what is necessary, then what is possible, and suddenly you are doing the impossible.”

QUESTIONS?