SlideShare a Scribd company logo

Building a Culture of Digital Self Defense

Download as PPTX, PDF
Ben Woelk, CISSP, CPTC
Ben Woelk, CISSP, CPTC

NYSERNET Conference presentation on building a cyber security culture in higher education: thinking strategically, building a communications plan, best practices in security awareness.

1 of 22
Building a Culture of Digital Self Defense Ben Woelk, CISSP, CPTC Program Manager Rochester Institute of Technology 4 October 2018
Why Build a Culture of Digital Self Defense? OR
Who Am I? • Member, EDUCAUSE HEISC Awareness and Training Working Group • Vice President, Society for Technical Communication, Associate Fellow (2018) • Adjunct professor teaching Intro to Computing Security and technical communication classes at the Rochester Institute of Technology • Practice areas in security awareness, policies and procedures, introverted leadership development, mentoring © Ben Woelk 2018
Key Points • The Problem • Changing the Culture • Awareness Plan Basics • Measuring Your Success © Ben Woelk 2018
THE PROBLEM © Ben Woelk 2018
Security Awareness isn’t Working – Why not? – “The fact is that people know the answer to awareness questions but they do not act accordingly to their real life (ISF, 2014, NIST, 2003).” (Bada and Sasse, 2014) © Ben Woelk 2018
Why Not? 1. Not understanding what security awareness really is 2. Reliance on checking the box 3. Failing to acknowledge that awareness is a unique discipline 4. Lack of engaging and appropriate materials 5. Not collecting metrics 6. Unreasonable expectations 7. Relying upon a single training exercise Winkler Ira and Manke Samantha (2013). 7 Reasons for Security Awareness Failure, CSO Magazine, July 10. Retrieved from http://www.csoonline.com/article/2133697/metrics-budgets/7-reasons-for-security-awareness-failure.html © Ben Woelk 2018
Wrong Behaviors? • What are we saying our users should do? • Google Research http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html © Ben Woelk 2018
THE SOLUTION © Ben Woelk 2018
Culture Change • Culture--the set of shared attitudes, values, goals, and practices that characterizes an institution or organization (Merriam Webster) • What would culture change look like? © Ben Woelk 2018
Success Factors 1. Security awareness has to be professionally prepared and organised in order to work. 2. Invoking fear in people is not an effective tactic, since it could scare people who can least afford to take risks. 3. Security education has to be more than providing information to users – it needs to be targeted, actionable, doable and provide feedback. 4. Once people are willing to change, training and continuous feedback is needed to sustain them through the change period. 5. Emphasis is necessary on different cultural contexts and characteristics when creating cyber security-awareness campaigns. Bada, Maria; Sasse, Angela; Nurse, Jason R. C. Cyber Security Awareness Campaigns Why do they fail to change behavior? Conference paper. January 2015. © Ben Woelk 2018
Making Good Security Habitual • Contextualization • Repetition and Branding • Reward © Ben Woelk 2018
© Ben Woelk 2018
An impossible dream? © Ben Woelk 2018
AWARENESS PLANS © Ben Woelk 2018
Building the Plan • Determine Goal • Identify and Profile Audience • Develop Messages • Select Communication Channels • Choose Activities and Materials • Establish Partnerships • Implement the Plan • Evaluate and Make Mid-Course Corrections © Ben Woelk 2018 Woelk and Schaufler, It Doesn’t Take Magic: It Doesn't Take Magic: Tricks of the Trade to Create an Effective Security Awareness Program
Implementing the Plan Topics and Activities (Monthly or Quarterly) – Topics (top three cyber security issues) – Specific audiences and deliverables – Calendar of Deliverables © Ben Woelk 2018
METRICS © Ben Woelk 2018
Measuring Your Success • What can and should we measure? – Number of incidents? – Engagement? – Specific areas • Phishing • Compliance issues • BYOD or mobile device management • Data loss/leakage prevention McElroy, Lori, and Eric Weakland. “Measuring the Effectiveness of Security Awareness Programs” (Research Bulletin). Louisville, CO: EDUCAUSE Center for Analysis and Research, December 16, 2013 © Ben Woelk 2018
Discuss Ben Woelk Ben.woelk@rit.edu ben@benwoelk.com 20
Resources • Woelk, Ben. “Building a Culture of Digital Self Defense,” EDUCAUSE Review Security Matters blog, September 20, 2016 • Woelk, Ben. The Successful Security Awareness Professional: Foundational Skills and Continuing Education Strategies. Research bulletin. Louisville, CO: ECAR, August 10, 2016 • _________W.H. Kellogg Foundation, Strategic Communication Plan, https://www.wkkf.org/resource-directory/resource/2006/01/template-for- strategic-communications-plan • Various, EDUCAUSE Security Awareness https://library.educause.edu/topics/cybersecurity/security-awareness • Templates, Presentation, Resources list https://drive.google.com/drive/folders/0B45bhFW7CueDbkVGQ1JXMzdFYXM?usp=s haring © Ben Woelk 2018
Thank You

Recommended

Data and AI in education
Data and AI in educationData and AI in education
Data and AI in education
Jisc
 
Supporting staff to teach effectively online
Supporting staff to teach effectively onlineSupporting staff to teach effectively online
Supporting staff to teach effectively online
Jisc
 
Jisc toolkit: supporting the digital experience of new students
Jisc toolkit: supporting the digital experience of new studentsJisc toolkit: supporting the digital experience of new students
Jisc toolkit: supporting the digital experience of new students
Jisc
 
Km general-apr2011-smcmenemy
Km general-apr2011-smcmenemyKm general-apr2011-smcmenemy
Km general-apr2011-smcmenemy
Sherry McMenemy
 
Foodpro "Future of Audits" July 2017
Foodpro "Future of Audits" July 2017Foodpro "Future of Audits" July 2017
Foodpro "Future of Audits" July 2017
iComplied
 
Future of food safety audits
Future of food safety audits Future of food safety audits
Future of food safety audits
Kiran Bhagat
 
Dl jisc connect wales 2015
Dl jisc connect wales 2015Dl jisc connect wales 2015
Dl jisc connect wales 2015Jisc
 
Online Assessment
Online AssessmentOnline Assessment
Online Assessment
EADTU
 

Recommended

Data and AI in education
Data and AI in educationData and AI in education
Data and AI in education
Jisc
 
Supporting staff to teach effectively online
Supporting staff to teach effectively onlineSupporting staff to teach effectively online
Supporting staff to teach effectively online
Jisc
 
Jisc toolkit: supporting the digital experience of new students
Jisc toolkit: supporting the digital experience of new studentsJisc toolkit: supporting the digital experience of new students
Jisc toolkit: supporting the digital experience of new students
Jisc
 
Km general-apr2011-smcmenemy
Km general-apr2011-smcmenemyKm general-apr2011-smcmenemy
Km general-apr2011-smcmenemy
Sherry McMenemy
 
Foodpro "Future of Audits" July 2017
Foodpro "Future of Audits" July 2017Foodpro "Future of Audits" July 2017
Foodpro "Future of Audits" July 2017
iComplied
 
Future of food safety audits
Future of food safety audits Future of food safety audits
Future of food safety audits
Kiran Bhagat
 
Dl jisc connect wales 2015
Dl jisc connect wales 2015Dl jisc connect wales 2015
Dl jisc connect wales 2015Jisc
 
Online Assessment
Online AssessmentOnline Assessment
Online Assessment
EADTU
 
Analytics in Action - Introduction
Analytics in Action - IntroductionAnalytics in Action - Introduction
Analytics in Action - Introduction
Lee Schlenker
 
Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3
Grial - University of Salamanca
 
GP Safety Culture in NB - finished
GP Safety Culture in NB - finishedGP Safety Culture in NB - finished
GP Safety Culture in NB - finishedLarry Harlow
 
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Smarsh
 
Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009
Donald E. Hester
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
Health IT Conference – iHT2
 
AI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and SustainabilityAI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and Sustainability
Robin Teigland
 
Getting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveysGetting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveys
Jisc
 
Jisc e-safety
Jisc e-safety Jisc e-safety
Jisc e-safety
Jisc RSC East Midlands
 
Introduction
IntroductionIntroduction
Introduction
Lee Schlenker
 
Our Digital Futures
Our Digital FuturesOur Digital Futures
Our Digital Futures
Lisa Harris
 
Fetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity PanelFetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity Panel
Julie Evans
 
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence MeasureSpotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
The National Collaborating Centre for Methods and Tools
 
Technologies and Innovation - Introduction
Technologies and Innovation - IntroductionTechnologies and Innovation - Introduction
Technologies and Innovation - Introduction
Lee Schlenker
 
Your skills your future
Your skills your futureYour skills your future
Your skills your futureNina Obraztsova
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentation
Jisc
 
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Keri Ramirez
 
Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011Valeria Kelly
 
Building a Knowledge-Centric Organization
Building a Knowledge-Centric OrganizationBuilding a Knowledge-Centric Organization
Building a Knowledge-Centric Organization
Olivier Serrat
 
Product Management
Product ManagementProduct Management
Product Management
Cindy Royal
 
Exploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical CommunicatorsExploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical Communicators
Ben Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
Ben Woelk, CISSP, CPTC
 

More Related Content

Similar to Building a Culture of Digital Self Defense

Analytics in Action - Introduction
Analytics in Action - IntroductionAnalytics in Action - Introduction
Analytics in Action - Introduction
Lee Schlenker
 
Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3
Grial - University of Salamanca
 
GP Safety Culture in NB - finished
GP Safety Culture in NB - finishedGP Safety Culture in NB - finished
GP Safety Culture in NB - finishedLarry Harlow
 
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Smarsh
 
Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009
Donald E. Hester
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
Health IT Conference – iHT2
 
AI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and SustainabilityAI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and Sustainability
Robin Teigland
 
Getting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveysGetting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveys
Jisc
 
Jisc e-safety
Jisc e-safety Jisc e-safety
Jisc e-safety
Jisc RSC East Midlands
 
Introduction
IntroductionIntroduction
Introduction
Lee Schlenker
 
Our Digital Futures
Our Digital FuturesOur Digital Futures
Our Digital Futures
Lisa Harris
 
Fetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity PanelFetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity Panel
Julie Evans
 
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence MeasureSpotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
The National Collaborating Centre for Methods and Tools
 
Technologies and Innovation - Introduction
Technologies and Innovation - IntroductionTechnologies and Innovation - Introduction
Technologies and Innovation - Introduction
Lee Schlenker
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentation
Jisc
 
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Keri Ramirez
 
Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011Valeria Kelly
 
Building a Knowledge-Centric Organization
Building a Knowledge-Centric OrganizationBuilding a Knowledge-Centric Organization
Building a Knowledge-Centric Organization
Olivier Serrat
 
Product Management
Product ManagementProduct Management
Product Management
Cindy Royal
 

Similar to Building a Culture of Digital Self Defense (20)

Analytics in Action - Introduction
Analytics in Action - IntroductionAnalytics in Action - Introduction
Analytics in Action - Introduction
 
Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3Delphi2 results (Cycle 2) and towards Delphi3
Delphi2 results (Cycle 2) and towards Delphi3
 
GP Safety Culture in NB - finished
GP Safety Culture in NB - finishedGP Safety Culture in NB - finished
GP Safety Culture in NB - finished
 
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
Successful Social Media for Mortgage Lenders: Engage With Your Audience While...
 
Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009Security Awareness Training for Community Colleges 2009
Security Awareness Training for Community Colleges 2009
 
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
CHIME LEAD San Francisco 2015 - "Creating an Effective Cyber Security Strateg...
 
AI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and SustainabilityAI, Productivity, Innovation, and Sustainability
AI, Productivity, Innovation, and Sustainability
 
Getting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveysGetting started with your 2020/21 digital experience insights surveys
Getting started with your 2020/21 digital experience insights surveys
 
Jisc e-safety
Jisc e-safety Jisc e-safety
Jisc e-safety
 
Introduction
IntroductionIntroduction
Introduction
 
Our Digital Futures
Our Digital FuturesOur Digital Futures
Our Digital Futures
 
Fetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity PanelFetc 2022 Cybersecurity Panel
Fetc 2022 Cybersecurity Panel
 
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence MeasureSpotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
Spotlight Webinar: Evidence Informed Decision Making (EIDM) Competence Measure
 
Technologies and Innovation - Introduction
Technologies and Innovation - IntroductionTechnologies and Innovation - Introduction
Technologies and Innovation - Introduction
 
Your skills your future
Your skills your futureYour skills your future
Your skills your future
 
Keeping learners safe online presentation
Keeping learners safe online presentationKeeping learners safe online presentation
Keeping learners safe online presentation
 
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
Using Comparative Data to Enhance Learning Abroad Strategies (NAFSA 2018)
 
Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011Trucano saber-ict - hdne drecording - 20-dec2011
Trucano saber-ict - hdne drecording - 20-dec2011
 
Building a Knowledge-Centric Organization
Building a Knowledge-Centric OrganizationBuilding a Knowledge-Centric Organization
Building a Knowledge-Centric Organization
 
Product Management
Product ManagementProduct Management
Product Management
 

More from Ben Woelk, CISSP, CPTC

Exploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical CommunicatorsExploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical Communicators
Ben Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
Ben Woelk, CISSP, CPTC
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Ben Woelk, CISSP, CPTC
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
Ben Woelk, CISSP, CPTC
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
Ben Woelk, CISSP, CPTC
 
We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security Awareness
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
Ben Woelk, CISSP, CPTC
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
Ben Woelk, CISSP, CPTC
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
Ben Woelk, CISSP, CPTC
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
Ben Woelk, CISSP, CPTC
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
Ben Woelk, CISSP, CPTC
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
Ben Woelk, CISSP, CPTC
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
Ben Woelk, CISSP, CPTC
 
Digital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminarDigital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminar
Ben Woelk, CISSP, CPTC
 
Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
Ben Woelk, CISSP, CPTC
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
Ben Woelk, CISSP, CPTC
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
Ben Woelk, CISSP, CPTC
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
Ben Woelk, CISSP, CPTC
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
Ben Woelk, CISSP, CPTC
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
Ben Woelk, CISSP, CPTC
 

More from Ben Woelk, CISSP, CPTC (20)

Exploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical CommunicatorsExploring Career Paths in Cybersecurity for Technical Communicators
Exploring Career Paths in Cybersecurity for Technical Communicators
 
Creating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual WorkforceCreating a Sense of Belonging--Engaging the Virtual Workforce
Creating a Sense of Belonging--Engaging the Virtual Workforce
 
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptxCreating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
Creating a Sense of Belonging--Engaging the Virtual Workforce Summit.pptx
 
Saying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership OpportunitiesSaying "Yes, and...?" to Leadership Opportunities
Saying "Yes, and...?" to Leadership Opportunities
 
Perspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected StoriesPerspectives on Mentoring: Selected Stories
Perspectives on Mentoring: Selected Stories
 
We're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security AwarenessWe're All Winners--Gamification and Security Awareness
We're All Winners--Gamification and Security Awareness
 
The Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for SuccessThe Introvert in the Workplace--Strategies for Success
The Introvert in the Workplace--Strategies for Success
 
Harnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted LeadershipHarnessing Your Innate Strengths--Introverted Leadership
Harnessing Your Innate Strengths--Introverted Leadership
 
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
The Introvert in the Workplace: Becoming an Influencer and Leader #STC18
 
Digital self defense 101 me rit
Digital self defense 101 me ritDigital self defense 101 me rit
Digital self defense 101 me rit
 
Follow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald CityFollow the yellow brick road: A Leadership Journey to the Emerald City
Follow the yellow brick road: A Leadership Journey to the Emerald City
 
Collaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and YourselfCollaborating securely: Protecting Your Community and Yourself
Collaborating securely: Protecting Your Community and Yourself
 
An Introvert's Journey to Leadership
An Introvert's Journey to LeadershipAn Introvert's Journey to Leadership
An Introvert's Journey to Leadership
 
Digital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminarDigital self defense iia isaca it audit seminar
Digital self defense iia isaca it audit seminar
 
Digital Self Defense at RIT
Digital Self Defense at RITDigital Self Defense at RIT
Digital Self Defense at RIT
 
Cyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and ParentsCyber Safety for Middle School Students and Parents
Cyber Safety for Middle School Students and Parents
 
Staying Safe Online for HR Professionals
Staying Safe Online for HR ProfessionalsStaying Safe Online for HR Professionals
Staying Safe Online for HR Professionals
 
Succession Planning and Volunteering
Succession Planning and VolunteeringSuccession Planning and Volunteering
Succession Planning and Volunteering
 
Digital Self Defense
Digital Self DefenseDigital Self Defense
Digital Self Defense
 
Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014Shockproofing your Use of Social Media: 2014
Shockproofing your Use of Social Media: 2014
 

Recently uploaded

1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf
CarlosHernanMontoyab2
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Atul Kumar Singh
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 

Recently uploaded (20)

1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf678020731-Sumas-y-Restas-Para-Colorear.pdf
678020731-Sumas-y-Restas-Para-Colorear.pdf
 
Guidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th SemesterGuidance_and_Counselling.pdf B.Ed. 4th Semester
Guidance_and_Counselling.pdf B.Ed. 4th Semester
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 

Building a Culture of Digital Self Defense

  • 1. Building a Culture of Digital Self Defense Ben Woelk, CISSP, CPTC Program Manager Rochester Institute of Technology 4 October 2018
  • 2. Why Build a Culture of Digital Self Defense? OR
  • 3. Who Am I? • Member, EDUCAUSE HEISC Awareness and Training Working Group • Vice President, Society for Technical Communication, Associate Fellow (2018) • Adjunct professor teaching Intro to Computing Security and technical communication classes at the Rochester Institute of Technology • Practice areas in security awareness, policies and procedures, introverted leadership development, mentoring © Ben Woelk 2018
  • 4. Key Points • The Problem • Changing the Culture • Awareness Plan Basics • Measuring Your Success © Ben Woelk 2018
  • 5. THE PROBLEM © Ben Woelk 2018
  • 6. Security Awareness isn’t Working – Why not? – “The fact is that people know the answer to awareness questions but they do not act accordingly to their real life (ISF, 2014, NIST, 2003).” (Bada and Sasse, 2014) © Ben Woelk 2018
  • 7. Why Not? 1. Not understanding what security awareness really is 2. Reliance on checking the box 3. Failing to acknowledge that awareness is a unique discipline 4. Lack of engaging and appropriate materials 5. Not collecting metrics 6. Unreasonable expectations 7. Relying upon a single training exercise Winkler Ira and Manke Samantha (2013). 7 Reasons for Security Awareness Failure, CSO Magazine, July 10. Retrieved from http://www.csoonline.com/article/2133697/metrics-budgets/7-reasons-for-security-awareness-failure.html © Ben Woelk 2018
  • 8. Wrong Behaviors? • What are we saying our users should do? • Google Research http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html © Ben Woelk 2018
  • 9. THE SOLUTION © Ben Woelk 2018
  • 10. Culture Change • Culture--the set of shared attitudes, values, goals, and practices that characterizes an institution or organization (Merriam Webster) • What would culture change look like? © Ben Woelk 2018
  • 11. Success Factors 1. Security awareness has to be professionally prepared and organised in order to work. 2. Invoking fear in people is not an effective tactic, since it could scare people who can least afford to take risks. 3. Security education has to be more than providing information to users – it needs to be targeted, actionable, doable and provide feedback. 4. Once people are willing to change, training and continuous feedback is needed to sustain them through the change period. 5. Emphasis is necessary on different cultural contexts and characteristics when creating cyber security-awareness campaigns. Bada, Maria; Sasse, Angela; Nurse, Jason R. C. Cyber Security Awareness Campaigns Why do they fail to change behavior? Conference paper. January 2015. © Ben Woelk 2018
  • 12. Making Good Security Habitual • Contextualization • Repetition and Branding • Reward © Ben Woelk 2018
  • 13. © Ben Woelk 2018
  • 14. An impossible dream? © Ben Woelk 2018
  • 16. Building the Plan • Determine Goal • Identify and Profile Audience • Develop Messages • Select Communication Channels • Choose Activities and Materials • Establish Partnerships • Implement the Plan • Evaluate and Make Mid-Course Corrections © Ben Woelk 2018 Woelk and Schaufler, It Doesn’t Take Magic: It Doesn't Take Magic: Tricks of the Trade to Create an Effective Security Awareness Program
  • 17. Implementing the Plan Topics and Activities (Monthly or Quarterly) – Topics (top three cyber security issues) – Specific audiences and deliverables – Calendar of Deliverables © Ben Woelk 2018
  • 19. Measuring Your Success • What can and should we measure? – Number of incidents? – Engagement? – Specific areas • Phishing • Compliance issues • BYOD or mobile device management • Data loss/leakage prevention McElroy, Lori, and Eric Weakland. “Measuring the Effectiveness of Security Awareness Programs” (Research Bulletin). Louisville, CO: EDUCAUSE Center for Analysis and Research, December 16, 2013 © Ben Woelk 2018
  • 21. Resources • Woelk, Ben. “Building a Culture of Digital Self Defense,” EDUCAUSE Review Security Matters blog, September 20, 2016 • Woelk, Ben. The Successful Security Awareness Professional: Foundational Skills and Continuing Education Strategies. Research bulletin. Louisville, CO: ECAR, August 10, 2016 • _________W.H. Kellogg Foundation, Strategic Communication Plan, https://www.wkkf.org/resource-directory/resource/2006/01/template-for- strategic-communications-plan • Various, EDUCAUSE Security Awareness https://library.educause.edu/topics/cybersecurity/security-awareness • Templates, Presentation, Resources list https://drive.google.com/drive/folders/0B45bhFW7CueDbkVGQ1JXMzdFYXM?usp=s haring © Ben Woelk 2018

Editor's Notes

  1. How do we get there? Strategic communications, not just reactive Tactical implementation