Transformational security awareness what neuroscientists, storytellers, and marketers can teach us about driving secure behaviors
Expert guidance on the art and science of driving secure behaviors Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change. Whe...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Indianapolis, IN :
Wiley
[2019]
|
| Edición: | 1st edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630468606719 |
Tabla de Contenidos:
- Cover
- Title Page
- Copyright
- About the Author
- About the Technical Editor
- Credits
- Acknowledgments
- Contents at a Glance
- Contents
- Foreword
- Introduction
- The Security Awareness Connection
- Thinking Forward
- Let the Fun Begin
- Part I The Case for Transformation
- Chapter 1 You Know Why. . .
- Humans Are the Last Line of Defense
- Data Breaches Tell the Story
- Auditors and Regulators Recognize the Need for Security Awareness Training
- Traditional Security Awareness Program Methods Fall Short of Their Goals
- Key Takeaways
- References
- Chapter 2 Choosing a Transformational Approach
- Your "Why" Determines Your "What"
- Down the Rabbit Hole
- Outlining the Key Components and Tools of a Transformational Program
- A Map of What's to Come
- Part 1 in a Nutshell
- Part 2 in a Nutshell
- Part 3 in a Nutshell
- Key Takeaways
- Notes and References
- Part II The Tools of Transformation
- Chapter 3 Marketing and Communications 101 for Security Awareness Leaders
- The Communications Conundrum
- The Marketing Connection
- Defining Marketing
- Embedding Your Messages
- Get the Right Message to the Right Person at the Right Time
- Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting
- Tracking Results and Measuring Effectiveness
- Know When to Ask for Help
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 4 Behavior Management 101 for Security Awareness Leaders
- Your Users Aren't Stupid, They're Human
- Thinking, Fast and Slow
- System 1 Thinking
- System 2 Thinking
- Working with Human Nature Rather Than Against
- The Nuts and Bolts of Shaping Behavior
- The Fogg Behavior Model
- The Problem with Motivation
- Nudge Them in the Right Direction
- Frames: Why Context Is Everything
- Designing and Debugging Behavior
- Being Intentional with Target Groups.
- Debugging Behaviors
- Design "Power Prompts" Wherever Possible
- Password Management Example, Continued
- Habits Make Hard Things Easier to Do
- Thinking About Guardrails
- Tracking Results and Measuring Effectiveness
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 5 Culture Management 101 for Security Awareness Leaders
- Security Culture Is Part of Your Larger OrganizationaI CuIture
- Getting Started
- Understanding Your Culture's Status Quo
- Go Viral: Unleash the Power of Culture Carriers
- Cultures in (Potential) Conflict: Remember Global and Social Dynamics
- Cultural Forces
- Structures
- Pressures
- Rewards
- Rituals
- Tracking Results and Measuring Effectiveness
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 6 What's in a Modern Security Awareness Leader's Toolbox?
- Content Is King: Videos, Learning Modules, and More
- Big Box Shopping: A Content Analogy
- Types of Content
- Experiences: Events, Meetings, and Simulations
- Meetings, Presentations, and Lunch-and-Learns
- Tabletop Exercises
- Rituals
- Webinars
- Games
- Simulated Phishing and Social Engineering
- Other Simulations and Embodied Learning
- Interactions with Other Technologies
- Relationships: Bringing Context to Content and Experiences
- Be Intentional and Opportunistic, Always
- Stories and Analogies
- Tapping into Cultural Trends
- Opportunistic Campaigns Based on New Organizational Initiatives and Current Events
- The Critical "At Home" Connection
- Use Your Metrics and Anecdotes to Help Tell and Reinforce Your Story
- Key Takeaways
- Notes and References
- Chapter 7 Voices of Transformation: Interviews with Security Awareness Vendors
- Anna Collard, Popcorn Training
- Chris Hadnagy, Social Engineer
- Drew Rose, Living Security.
- Gary Berman, The CyberHero Adventures: Defenders of the Digital Universe
- Jason Hoenich, Habitu8
- Jim Shields, Twist and Shout
- Kai Roar, CLTRe
- Lisa Plaggemier, InfoSec Institute
- Masha Sedova, Elevate Security
- Stu Sjouwerman, KnowBe4
- Tom Pendergast, MediaPRO
- Winn Schwartau, The Security Awareness Company (SAC)
- Reference
- Part III The Process of Transformation
- Chapter 8 Living Your Awareness Program Through the Eyes and Lives of Your Audience
- A Learner Journey Map: Awareness in the Context of Life
- Key Takeaways
- Notes and References
- Chapter 9 Putting It All Together
- Before You Begin
- The Five Secrets of Security Awareness Success
- Tips for Gaining Buy-In
- Leverage Cialdini's Principles of Persuasion
- Making Adjustments
- Thoughts About Crafting Campaigns
- Thinking Through Target Groups
- Be Intentional with Recognition and Reward
- Assembling Your Culture Carriers
- Measuring Your Success
- What Does the Future Hold?
- Key Takeaways
- Notes and References
- Chapter 10 Closing Thoughts
- Leverage the Power of Community
- Be a Lifelong Learner
- Be a Realistic Optimist
- Conclusion
- Chapter 11 Voices of Transformation: Interviews with Security Awareness Program Leaders
- Bruce Hallas, Marmalade Box
- Carlos Miró, MUFG Union Bank
- Dr. Cheryl O. Cooper, Sprint Corporation
- Krina Snider, Sprint
- Mark Majewski, Quicken Loans
- Michael Lattimore, Independent Consultant
- Mo Amin, Independent Consultant
- Prudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker
- Thom Langford, (TL)2 Security
- Tory Dombrowski, Takeform
- Appendix: Seven Key Reminder Nudges to Help Your Recall
- Index
- EULA.
