3. SECU RITY RISK AND CRISIS MANAGEMENT
AWARENESS BEHAVIOR CULTURE
“To reduce our security risk, our training program must not only
raise awareness, it must also change behavior and build the
right culture.”
4. SECU RITY AWARENESS MAD E EASYSECU RITY AWARENESS MAD E EASY
CHANGE BEHAVIOR
SECURITY AWARENESS
“IF YOU HAD A MAGIC WAND, WHAT WOULD YOU LIKE
YOUR TRAVELERS START OR STOP DOING?”
5. SECU RITY AWARENESS MAD E EASY
PHYSICAL TRAVEL CYBER
▪ Avoid tailgating
▪ Don’t lend badges
▪ Don’t open doors
to strangers
▪ Wear badges
▪ Properly host
visitors
▪ Approach those
out of place
▪ Don’t prop open
doors
▪ Research before
trips
▪ Know support
available to you
▪ Use approved
accommodation/
transport
▪ Be aware – security
mindset
▪ Know what to do in
case of incident
▪ Adhere to internal
processes
▪ Have good
password
management
▪ Safe guard removal
media
▪ Use VPN when
traveling
▪ Keep clean desks
▪ Be wary of emails
that don’t seem
right
TYPICAL BEHAVIOR RELATED ISSUES
SECURITY AWARENESS
SOCIAL ENGINERRING REPORTING
▪ Know threats and
tactics & be able to
spot them
▪ Have appreciation
of the value of
information
▪ Know whom you
are talking to (CEO
fraud)
▪ Security threats
and incidents
▪ Report suspicious
encounters
▪ Report lost devices
asap
6. SECU RITY AWARENESS MAD E EASY
WHY STEAL FROM MARKETING?
Getting attention and influencing
good behavior
7. SECU RITY AWARENESS MAD E EASY
CAR SAFETY FEATURES
….SUBJECT MATTER EXPERTS
HOW IS THE APPROACH DIFFERENT?
AUTONOMOUS EMERGENCY BRAKING (AEB)
LANE ASSISTANT
BLIND SPOT DETECTION
DRIVER, PASSENGER AND CURTAIN AIRBAGS
STRONG OCCUPANT COMPARTMENT
CRUMBLE ZONES
SIDE IMPACT PROTECTION
SEAT BELTS
HEAD RESTS FOR ALL SEATS
9. SECU RITY AWARENESS MAD E EASY
2 TYPES OF THINKING
CONSCIOUS
LOGICAL
SUBCONSCIOUS
EMOTIONAL
10. SECU RITY AWARENESS MAD E EASY
WHAT WE SHOULD STEAL
1 CUSTOMER OBSESSION
2 GOOD COPYWRITING
3 CAMPAIGN BASED APPROACH
4 AUTOMATION
5 OBSESSION WITH DATA
T
11. SECU RITY AWARENESS MAD E EASY
… LEARNER PERSONAS
CUSTOMER OBSESSION
Background
▪ …
Demographics
▪ …
General interests
▪ …
Biggest travel related
concerns
▪ …
Common objections /
frustrations with current
approach
▪ …
How do they access content?
When and where?
▪ …
NAME
13. SECU RITY AWARENESS MAD E EASYSECU RITY AWARENESS MAD E EASY
… IS RUTHLESSLY RELEVANT?
CONTENT STRATEGIES…
“IT’S PERFECT WHEN WE CAN’T TAKE ANYTHING AWAY
ANYMORE WITHOUT LOSING KEY MESSAGES AND CONTEXT.”
14. SECURITY PRINCIPLES
Protect our sensitive
information
CYBER
Protect our sites
PHYSICAL
Travel safely
TRAVEL
Know whom you are
talking to
SOCIAL ENGINEERING REPORTING
See something, say
something
15. SECU RITY RISK AND CRISIS MANAGEMENT
One time,
mandatory training
Ongoing, bite
sized campaign
or
16. SECU RITY AWARENESS MAD E EASY
INTRODUCTION
E-LEARNING
or VIDEO SURVEY/QUIZ
SOCIAL
PLATFORM
EMAIL – SUPPORTING
TOOL
AWARENESS JOURNEY
CAMPAIN BASED APPROACH
MICRO
LEARNING
17. SECU RITY AWARENESS MAD E EASY
… AND DYNAMIC CONTENT
AUTOMATION
Initial video
Email 1
Opened? Email 2
Email 1
Follow up
Email 3Campaign site
Final surveyEmail 2
Follow up
18. SECU RITY AWARENESS MAD E EASY
A/B TEST EMAIL SUBJECT LINES
AUTOMATION
Subject: TRAVEL BRIEFING
Subject: Your Beirut trip, important information
19. SECU RITY AWARENESS MAD E EASY
General program metrics
▪ Number of people trained vs. identified in the training matrix
▪ Online videos: views, dropouts
▪ Intranet, articles, emails: click analytics
▪ End user survey feedback (usefulness question)
Impact metrics
▪ How can we measure improvements of the core behaviors?
▪ Survey questions
▪ Incidents reported
THE METRICS THAT MATTER THE MOST
OBESSION WITH DATA
LEARNING
REACTION
IMPACT
BEHAVIOR
20. SECU RITY AWARENESS MAD E EASYSECU RITY AWARENESS MAD E EASY
PEOPLE TO FOLLOW FOR INSPIRATION
Mike Taylor
Bianca Baumann
Sam Rogers
ACKNOWLEDGMENT