The Path to Security - Preventing User NegligenceSarah Kennedy

Overview

How Students are TaughtHow InfoSec Professionals

TeachWhy Awareness is ImportantGoalsTools to use

How Students are Taught

How InfoSec Professionals Teach

Let someone else handle it….

Why Awareness is Important

Symantec Study states: employee negligence and system glitches account for 64% of data breaches

62% of employees think it’s acceptable to transfer corporate data outside of the company on personal devices and cloud services

Employee negligence breaches are increasing with every study performed

Training Goals

Make it personalTrain for behavior changesCatchy

Marketing style awareness

Reinforcement and Repetition Make it fun!

This is an Ultimate Repeatable Goal!

Adam Grant - Organizational Psychologist

“Wash your hands to protect yourself”

“Wash your hands to protect your patients”

“Practice information security to protect our customers”

“Use information security to protect your family”

Negative vs Positive

“Don’t or you will be reprimanded with consequences up to termination of employment.“

Don’t let someone tailgate behind you to enter the building.

Make sure you to help prevent data breaches.

Do be mindful of people attempting to follow you into the building.

Analogies

Games!

Practicing Preventative Scenarios

Lock Your Computer Tag

Main Goals for InfoSec Professionals

Information Security is everyone’s job requirement, Not just IT’s.

To protect the customers, It’s what we expect when we are the customer.

Remember: It’s Possible!

Questions?