Post on 15-Jan-2015
Security Awareness
The Challenge of Security Awareness
Why?
Nobody cares about Security…
And how do we get their attention and support?
Types of Risk
Prof. John Adams, University College London
UK risk expert
• Direct – directly perceived – obvious
• Scientific – determined via science
• Virtual Risk – everything else!
Types of Risk
Virtual Risk
• What we are all involved in!
• Project risk/Operational risk
• Physical/Data security risk
• Terrorism/Homeland Security
• Weather
Virtual Risk
• Difficult to “prove”
• Experts don’t know or do not agree
• We don’t know what we don’t know
Issues
• Security viewed as a negative
• Avoidance v. “risk”
  – Delays
  – Cost
  – Extra work
  – “Gotchas”
Top 10
The Top 10 things we do for Security Awareness at DHS…
10. Make Top 10 lists!
9. Have a Mascot
8. Dress Up
7. 1-on-1 Executive Briefings
6. The Screensaver
5. Computer Security Day – comics and greeting cards
4. Publish or Perish
3. Continually reinvent
2. Get others to play
1. Have Fun!