Building a Culture of Digital Self Defense
Ben Woelk, CISSP, CPTC
Program Manager
Rochester Institute of Technology
4 October 2018
Why Build a Culture of Digital Self Defense?
OR
Who Am I?
• Member, EDUCAUSE HEISC Awareness and Training Working Group
• Vice President, Society for Technical Communication, Associate Fellow (2018)
• Adjunct professor teaching Intro to Computing Security and technical communication classes at the Rochester Institute of Technology
• Practice areas in security awareness, policies and procedures, introverted leadership development, mentoring
© Ben Woelk 2018
Key Points
• The Problem
• Changing the Culture
• Awareness Plan Basics
• Measuring Your Success
THE PROBLEM
Security Awareness isn’t Working
– Why not?
– “The fact is that people know the answer to awareness questions but they do not act accordingly to their real life (ISF, 2014, NIST, 2003).” (Bada and Sasse, 2014)
Why Not?
1. Not understanding what security awareness really is
2. Reliance on checking the box
3. Failing to acknowledge that awareness is a unique discipline
4. Lack of engaging and appropriate materials
5. Not collecting metrics
6. Unreasonable expectations
7. Relying upon a single training exercise
Winkler, Ira, and Samantha Manke (2013). 7 Reasons for Security Awareness Failure, CSO Magazine, July 10. Retrieved from http://www.csoonline.com/article/2133697/metrics-budgets/7-reasons-for-security-awareness-failure.html
Wrong Behaviors?
• What are we saying our users should do?
• Google Research
http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html
THE SOLUTION
Culture Change
• Culture--the set of shared attitudes, values, goals, and practices that characterizes an institution or organization (Merriam Webster)
• What would culture change look like?
Success Factors
1. Security awareness has to be professionally prepared and organised in order to work.
2. Invoking fear in people is not an effective tactic, since it could scare people who can least afford to take risks.
3. Security education has to be more than providing information to users – it needs to be targeted, actionable, doable and provide feedback.
4. Once people are willing to change, training and continuous feedback is needed to sustain them through the change period.
5. Emphasis is necessary on different cultural contexts and characteristics when creating cyber security-awareness campaigns.
Bada, Maria; Sasse, Angela; Nurse, Jason R. C. Cyber Security Awareness Campaigns: Why do they fail to change behavior? Conference paper. January 2015.
Making Good Security Habitual
• Contextualization
• Repetition and Branding
• Reward
An impossible dream?
AWARENESS PLANS
Building the Plan
• Determine Goal
• Identify and Profile Audience
• Develop Messages
• Select Communication Channels
• Choose Activities and Materials
• Establish Partnerships
• Implement the Plan
• Evaluate and Make Mid-Course Corrections
Woelk and Schaufler, It Doesn't Take Magic: Tricks of the Trade to Create an Effective Security Awareness Program
Implementing the Plan
Topics and Activities (Monthly or Quarterly)
– Topics (top three cyber security issues)
– Specific audiences and deliverables
– Calendar of Deliverables
METRICS
Measuring Your Success
• What can and should we measure?
  – Number of incidents?
  – Engagement?
  – Specific areas
    • Phishing
    • Compliance issues
    • BYOD or mobile device management
    • Data loss/leakage prevention
McElroy, Lori, and Eric Weakland. “Measuring the Effectiveness of Security Awareness Programs” (Research Bulletin). Louisville, CO: EDUCAUSE Center for Analysis and Research, December 16, 2013
Discuss
Ben Woelk
Ben.woelk@rit.edu
ben@benwoelk.com
Resources
• Woelk, Ben. “Building a Culture of Digital Self Defense,” EDUCAUSE Review Security Matters blog, September 20, 2016
• Woelk, Ben. The Successful Security Awareness Professional: Foundational Skills and Continuing Education Strategies. Research bulletin. Louisville, CO: ECAR, August 10, 2016
• _________W.H. Kellogg Foundation, Strategic Communication Plan, https://www.wkkf.org/resource-directory/resource/2006/01/template-for-strategic-communications-plan
• Various, EDUCAUSE Security Awareness https://library.educause.edu/topics/cybersecurity/security-awareness
• Templates, Presentation, Resources list https://drive.google.com/drive/folders/0B45bhFW7CueDbkVGQ1JXMzdFYXM?usp=sharing
Thank You

Editor's Notes

  1. How do we get there? Strategic communications, not just reactive Tactical implementation