SlideShare a Scribd company logo

Elements of an Information Security Awareness Program

Download as PPT, PDF
Barry Caplin, profile picture
Barry Caplin

The document discusses security awareness and types of risk. It notes that virtual risks are difficult to prove and experts may disagree on them. The document recommends making top 10 lists as a way to raise awareness of security issues at the Department of Homeland Security, including having a mascot, dressing up, executive briefings, computer security days with comics and cards, publishing, continually reinventing messaging, getting others involved, and having fun.

TechnologyBusiness
1 of 21
Downloaded 17 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Security Awareness
The Challenge of Security Awareness Why? Nobody cares about Security… And how do we get their attention and support?
Types of Risk Prof. John Adams, University College London UK risk expert Direct – directly perceived – obvious Scientific – determined via science Virtual Risk – everything else!
Types of Risk Virtual Risk What we are all involved in! Project risk/Operational risk Physical/Data security risk Terrorism/Homeland Security Weather
Virtual Risk Virtual Risk Difficult to “prove” Experts don’t know or do not agree We don’t know what we don’t know
Issues Security viewed as a negative Avoidance v. “risk” Delays Cost Extra work “ Gotchas”
10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS…
 
10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot
 
10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up
 
10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up 7. 1-on-1 Executive Briefings
10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up 7. 1-on-1 Executive Briefings 6. The Screensaver
Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day – comics and greeting cards
 
Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish
 
Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent
Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent 2. Get others to play
Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent 2. Get others to play 1. Have Fun!

More Related Content

PPT
Safe choices
Joanne Nicholls
 
PPT
Accident Prevention
Moon Girl
 
PDF
Information Security Awareness Training (En)_Information Security Awareness F...
Shah Nawaj Ahmad
 
PDF
Raising information security awareness
Terranovatraining
 
PDF
Information Security Awareness Training
Randy Bowman
 
PPT
Employee Security Training[1]@
R_Yanus
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
PPTX
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Safe choices
Joanne Nicholls
 
Accident Prevention
Moon Girl
 
Information Security Awareness Training (En)_Information Security Awareness F...
Shah Nawaj Ahmad
 
Raising information security awareness
Terranovatraining
 
Information Security Awareness Training
Randy Bowman
 
Employee Security Training[1]@
R_Yanus
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
Stephen Cobb
 
Information Security Lecture #1 ppt
vasanthimuniasamy
 

Similar to Elements of an Information Security Awareness Program (20)

PPT
Made to stick: the science of adult learning.
Brian S. McGowan, PhD, FACEhp
 
PPTX
Psychology understanding individuals and teams v4
Ryan Thomas Hewitt★CSM★CSPO★ITIL
 
PDF
Psychological Safety and Remote Work by Matthew Philip
Bosnia Agile
 
PDF
How to Make Sense of Any Mess
Abby Covert
 
PDF
SG Module #188 - Technology and Happiness.pdf
CarolinaMirnawati
 
PDF
Integrated Security, Safety and Surveillance Solution i3S
Edgevalue
 
PPTX
People Committed to Solving our Information Security Language Problem
SecurityStudio
 
PPTX
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
SecurityStudio
 
PPTX
How To face Crowds
Amnon Carmel
 
PDF
Explaining Persuasion API
ProductTank AMS
 
PPT
Presentation Skills instructions Millie-1-1.ppt
sanja61230
 
PDF
Excel is dead!
David Seymour, CPA CMA, MBA, MSc
 
PPTX
Harrisburg BSides Presentation - 100219
Evan Francen
 
PDF
Helping technologists communicate - pyramid principle and personal impact
Alice Bentinck
 
PPTX
WANTED – People Committed to Solving our Information Security Language Problem
Evan Francen
 
PPT
Ignite your possibilities ppt
Roy Ollis
 
PDF
Making Sense Of Cybersecurity 1 Converted Thomas Kranz
ivanyaderayw
 
PPTX
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesLV 2018
David Minch
 
PDF
Zero Privilege Architectures v1.1_for distribution.pdf
Thijs Ebbers
 
PPTX
Keynote @ ISC2 Cyber Aware Dallas
Evan Francen
 
Made to stick: the science of adult learning.
Brian S. McGowan, PhD, FACEhp
 
Psychology understanding individuals and teams v4
Ryan Thomas Hewitt★CSM★CSPO★ITIL
 
Psychological Safety and Remote Work by Matthew Philip
Bosnia Agile
 
How to Make Sense of Any Mess
Abby Covert
 
SG Module #188 - Technology and Happiness.pdf
CarolinaMirnawati
 
Integrated Security, Safety and Surveillance Solution i3S
Edgevalue
 
People Committed to Solving our Information Security Language Problem
SecurityStudio
 
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
SecurityStudio
 
How To face Crowds
Amnon Carmel
 
Explaining Persuasion API
ProductTank AMS
 
Presentation Skills instructions Millie-1-1.ppt
sanja61230
 
Excel is dead!
David Seymour, CPA CMA, MBA, MSc
 
Harrisburg BSides Presentation - 100219
Evan Francen
 
Helping technologists communicate - pyramid principle and personal impact
Alice Bentinck
 
WANTED – People Committed to Solving our Information Security Language Problem
Evan Francen
 
Ignite your possibilities ppt
Roy Ollis
 
Making Sense Of Cybersecurity 1 Converted Thomas Kranz
ivanyaderayw
 
Watch Out For That Bus! (Personal Disaster Recovery Planning) - BSidesLV 2018
David Minch
 
Zero Privilege Architectures v1.1_for distribution.pdf
Thijs Ebbers
 
Keynote @ ISC2 Cyber Aware Dallas
Evan Francen
 
Ad

More from Barry Caplin (20)

PPTX
Healing healthcare security
Barry Caplin
 
PPTX
It’s not If but When 20160503
Barry Caplin
 
PPTX
Dreaded Embedded sec360 5-17-16
Barry Caplin
 
PPTX
It’s not if but when 20160503
Barry Caplin
 
PPT
Wearing Your Heart On Your Sleeve - Literally!
Barry Caplin
 
PPTX
CISOs are from Mars, CIOs are from Venus
Barry Caplin
 
PPTX
Online Self Defense - Passwords
Barry Caplin
 
PPT
The CISO Guide – How Do You Spell CISO?
Barry Caplin
 
PPT
Bullying and Cyberbullying
Barry Caplin
 
PPT
3 factors of fail sec360 5-15-13
Barry Caplin
 
PPT
Tech smart preschool parent 2 13
Barry Caplin
 
PPT
Embracing the IT Consumerization Imperative NG Security
Barry Caplin
 
PPT
Online Self Defense
Barry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
Barry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
Barry Caplin
 
PPTX
Stuff my ciso says
Barry Caplin
 
PPTX
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
Barry Caplin
 
PPT
Toys in the office 11
Barry Caplin
 
PPT
Accidental Insider
Barry Caplin
 
PPT
Teens 2.0 - Teens and Social Networks
Barry Caplin
 
Healing healthcare security
Barry Caplin
 
It’s not If but When 20160503
Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Barry Caplin
 
It’s not if but when 20160503
Barry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Barry Caplin
 
CISOs are from Mars, CIOs are from Venus
Barry Caplin
 
Online Self Defense - Passwords
Barry Caplin
 
The CISO Guide – How Do You Spell CISO?
Barry Caplin
 
Bullying and Cyberbullying
Barry Caplin
 
3 factors of fail sec360 5-15-13
Barry Caplin
 
Tech smart preschool parent 2 13
Barry Caplin
 
Embracing the IT Consumerization Imperative NG Security
Barry Caplin
 
Online Self Defense
Barry Caplin
 
Embracing the IT Consumerization Imperitive
Barry Caplin
 
Embracing the IT Consumerization Imperitive
Barry Caplin
 
Stuff my ciso says
Barry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
Barry Caplin
 
Toys in the office 11
Barry Caplin
 
Accidental Insider
Barry Caplin
 
Teens 2.0 - Teens and Social Networks
Barry Caplin
 
Ad

Recently uploaded (20)

PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

Elements of an Information Security Awareness Program

  • 2. The Challenge of Security Awareness Why? Nobody cares about Security… And how do we get their attention and support?
  • 3. Types of Risk Prof. John Adams, University College London UK risk expert Direct – directly perceived – obvious Scientific – determined via science Virtual Risk – everything else!
  • 4. Types of Risk Virtual Risk What we are all involved in! Project risk/Operational risk Physical/Data security risk Terrorism/Homeland Security Weather
  • 5. Virtual Risk Virtual Risk Difficult to “prove” Experts don’t know or do not agree We don’t know what we don’t know
  • 6. Issues Security viewed as a negative Avoidance v. “risk” Delays Cost Extra work “ Gotchas”
  • 7. 10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS…
  • 8.  
  • 9. 10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot
  • 10.  
  • 11. 10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up
  • 12.  
  • 13. 10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up 7. 1-on-1 Executive Briefings
  • 14. 10. Make Top 10 lists! Top 10 The Top 10 things we do for Security Awareness at DHS… 9. Have a Mascot 8. Dress Up 7. 1-on-1 Executive Briefings 6. The Screensaver
  • 15. Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day – comics and greeting cards
  • 16.  
  • 17. Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish
  • 18.  
  • 19. Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent
  • 20. Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent 2. Get others to play
  • 21. Top 10 The Top 10 things we do for Security Awareness at DHS… 5. Computer Security Day 4. Publish or Perish 3. Continually reinvent 2. Get others to play 1. Have Fun!