Transformational Security Awareness
eBook - ePub

What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors

About this book

Expert guidance on the art and science of driving secure behaviors

Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change.

When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That's what Transformational Security Awareness is all about.

Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.

  • Find out what you need to know about marketing, communication, behavior science, and culture management
  • Overcome the knowledge-intention-behavior gap
  • Optimize your program to work with the realities of human nature
  • Use simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness
  • Put effective training together into a well-crafted campaign with ambassadors
  • Understand the keys to sustained success and ongoing culture change
  • Measure your success and establish continuous improvements

Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.

Information

Publisher: Wiley
Year: 2019
Print ISBN: 9781119566342
eBook ISBN: 9781119566359

II
The Tools of Transformation

In This Part

  • Chapter 3: Marketing and Communications 101 for Security Awareness Leaders
  • Chapter 4: Behavior Science 101 for Security Awareness Leaders
  • Chapter 5: Culture Management 101 for Security Awareness Leaders
  • Chapter 6: What's in a Modern Security Awareness Leader’s Toolbox?
  • Chapter 7: Voices of Transformation: Interviews with Security Awareness Vendors

3
Marketing and Communications 101 for Security Awareness Leaders

More than 80% of security awareness professionals have highly technical backgrounds. That's great—they understand the problem—but that's bad because they're really bad at communicating the solution.
Lance Spitzner, Director SANS Security Awareness¹
Have you ever watched someone trying to communicate with a person who doesn't speak the same language, but they hope that talking louder and slower² will somehow magically help? Yeah—security awareness communications can feel like that.
We expect a lot of our employees when it comes to making secure decisions, protecting customer and organizational information, and behaving in a secure manner. Doing all of this can require a pretty complex collection of steps; and, while humans are generally pretty good at performing complex tasks that they've practiced and care about, they are not nearly as good at consistently performing complex tasks when they don't yet possess the required proficiency or motivation. But that hasn't stopped us as an industry from hoping that if we simply give people the right information, they will suddenly start acting in a more secure manner.
In Chapters 1 and 2, I introduced one of the fundamental problems that we must deal with: even if someone is aware, that doesn't mean that they care. Moreover, we can put out a ton of great information aimed at helping raise the awareness of our people, but we probably don't even know if our information dissemination has translated to understanding. And even if they understand and care, we can't guarantee that they understand to the extent that they'd be able to correctly apply the information in a different context than the way in which the information was first presented.
So, how do we deal with these disconnects? That's where a better understanding of communication techniques and the psychology of communication will help us.

THE ROLE OF COMMUNICATION

Forrester Research captured the essence of the critical role of communication techniques for effective security awareness in its research note “Harden Your Human Firewall.”³ Here's how authors Nick Hayes and Claire O'Malley put it:
Communication is the glue that binds and the means of delivery. Just as security professionals provide subject matter expertise, developing an effective campaign requires individuals with good communication skills, familiarity with learning concepts, and knowledge of a variety of tools and techniques. A commonality of winning security campaigns is that the security messages are personal, emotional, and relevant. Getting these messages across also requires a mix of media, materials, and examples that are relevant to your particular environment and organization's culture.

The Communications Conundrum

Often, the first thing you think of when someone says “security awareness” is the communication aspect of the program: that aspect of ensuring that we've exposed our employees to certain security-related facts and practices. And, as we have already discussed, it is this function of the program that seems to consistently fall short of our hopes.
How is it that we continually fail at the quintessential defining feature of awareness? The answer is simple: most security awareness leaders aren't skilled communicators. The 2018 SANS Security Awareness Report captured the reason well. Check it out⁴:
Consistent with last year's report findings, the 2018 report shows that a clear majority of awareness professionals come from a technical background with less than 20% of individuals coming from non-technical fields such [as] communications, marketing, legal or human resources. While technically skilled professionals have some advantages, in that they have a solid understanding of technology and human-related risks, this can also create a challenge. These same individuals often lack the skills to effectively communicate those risks and engage employees in a way that changes behavior.
So, here is the crux of the issue. Most security awareness leaders are technical professionals who understand cybersecurity thoroughly but have a difficult time packaging the security facts and messages they want to convey into a format that the average, nonsecurity person will understand or care about. As the SANS report indicated, less than 20 percent of awareness leaders come from backgrounds inherently tied to skill sets related to training, influencing others, or communicating complex topics in understandable ways.
The phenomenon of experts having difficulty communicating with “normal” people is well known. Ramit Sethi, author of I Will Teach You to Be Rich and founder of GrowthLab.com, captures the reason for this issue well. Ramit says that experts have difficulty in this context because they can't remember what it's like to be a beginner. Here's how he explains it; see if you can relate⁵:
Sometimes the very best are horrible teachers.
That's because they just can't remember what it's like being a beginner!
Go talk to Mariah Carey and ask her how to break into the business. She doesn't know! She's been a diva for so long—she requires that her music is played when she enters a room—that she has no idea what it's like to be a beginner.
Love you, Mariah.
Smart people have spent so many years working on something that they often forget what it's like to be a beginner.
Like my computer science professor in college who once looked at my problem—which I was hopelessly stuck on—and he told me to “Harness the power of C.”
PLEASE DIE!!!
As you get more and more advanced in your career (or relationship or business or pretty much anything), it becomes h...

Table of contents

  1. Cover
  2. Table of Contents
  3. Foreword
  4. Introduction
  5. I: The Case for Transformation
  6. II: The Tools of Transformation
  7. III: The Process of Transformation
  8. Appendix: Seven Key Reminder Nudges to Help Your Recall
  9. Index
  10. End User License Agreement