The Biggest Secrets of Security Awareness

K RudolphThe Biggest Secrets of Security Awareness

A1, April 27, 2008Native Intelligence, Inc.

The Biggest Secretsof Security Awareness

Chief Inspiration OfficerNative Intelligence, Inc.

Storyteller

Educator

Creator of awareness courses andaward-winning materials used worldwide

K Rudolph, CISSP

Secret 1: Prevention Is Better Than Cure

Why do we invest in security awareness?

What amount of security incidents arepreventable?

What does this mean to securityawareness practitioners?

- Don’t share your password- Don’t discuss confidential information in public- Don’t install a personal modem at work- Create long, strong passwords- Report actual or suspected incidents- Delete e-mail chain messages- Don’t take sensitive data home without permission

How many of these awarenessmessages are common sense?

Why do we need to remind people?

What are these messages?

Do we remember what it’s likenot to know about security?

What’s not common knowledge at the IRS?

___ of the 102 employees did as requested?

Managers were ___ % more lax than employees.

A follow-up survey found:

___ believed what they had been told.

___ % said that they thought thatchanging their password to one providedby the caller was not the same asdisclosing it, which they knew wasagainst the rules.

Prevention beats cure. Securityawareness turns your messages intocommon knowledge.

Does common knowledge set thestage for common sense?

How do we make messages compellingso that they become commonknowledge?

1Take Awayfrom Secret

Secret 2: Security Is Everywhere

Powering off yourcomputer withoutclosing theprograms you’reusing is like kickingaway the ladderwhile the painter ison the third story.

How can this housepainter help usexplain propercomputer use?

What has this cat gotto do with securityawareness?

A1, April 27, 2008

What about a car door, adraw bridge, or a wide gate?

Your Data

Accelerate learning with analogies.2Take Awayfrom Secret

What Wizard of Oztheme applies tobuilding effectivesecurity awarenesscontent?

Secret 3:Work with the Brain to Capture Attention

What are somebrain-compatiblestrategies forgetting attention?

How successful is asales representativewho gets thrownout of the decisionmaker’s office?

How can we get the brain’s attention?

What are brains wired to respond to?

(hint)

Why do warning signals have flashing lights?

Why are sirens two or more tones?

How can we apply this to awareness?

Use expectation failure.

Break a pattern. Break a schema.

Schema

• Group of generic properties

• Pre-recorded informationstored in our memories

What’s your schema for “sports car” ?

How should we use schemas?

• Communicate complex topics bylayering simple ones (e.g., pomelo)

• Capture attention by breaking them

Would you agree that most people expectinformation on our country’s nuclearweapons designs to be well-guarded?

“Potentiallythe greatestbreach ofnationalsecurityin decades.”

Fall 2006

We expect people not to click onan Internet ad for a free virus.

We expect that the best way to get managementexcited about a disaster recovery plan is to burndown the building across the street.

We expectmedicine totaste bad.

What do staffexpect ofsecurity

awareness?

Will this beboring?

Does it have to be that way?

Should it be that way?

What if yourawarenessmaterials leftyour audiencewanting more?

Sourcefire Security Calendar

Daily Tips

What do brains consider important?

Brains pay attention tothings that are unusual,unexpected, out of theordinary, interesting,strange, eye-catching…

A1, April 27, 2008

Does empathy get the brain involved?Liz had a very bad day at the office.

Use content thatmakes your audiencefeel something.

Capture attention with changes, the unexpected,by breaking a schema, using empathy, and by involvingthe emotions.

What causesdeeper learning?

Secret 4: Work with the Brain to Make Learning Stick

A1, April 27, 2008

More connections means …The more neurons that fire means …Ways, contexts, intelligences…

Plastics, sponges, sieves, or …?

Is a picture worth 1,024 words?

Recall and transfer studies show___ % more than words alone?

What should we do to makepictures more effective?

What does this causethe brain to do?

How much do words withinpictures improve a learner’sability to solve problemsrelated to content?

Which is better, a conversational, personal,casual language style or a more and directbusiness-like style? ___ %

Is conversation“learning by doing”?

What if your boss,manager, trainingdepartment, or anyof the PTB wantsyou to…

A1, April 27, 2008

Should we ask questionsthat don’t have a clear answer?

What do themost accessiblescience writershave in common?

How does emotionalcontent affect memory?

Where were you when...

A1, April 27, 2008

Don’t Tell When You Can Show

What did trial attorneyGerry Spence say about words?

How can we visually explainan abstract concept such asvulnerability or threat?

----------------------------What would happen if

someone changedyour data?

----------------------------Whet would happen if

someone chongedyoor deta?

----------------------------What would happen

if your datadisappeared?

----------------------------What would happen

if your datadisappeared?

What’s another technique forshowing rather than telling?

Show a choice of actions…Bad choices result in…

What 1980’s commercial did this?

Use as much of the brain as possible, in as many ways asyou can (multiple methods). Also, use images with wordsin them, use mystery, and aim for visceral reactions. Showwith visuals, simulations, and demonstrations, and extremeconsequences.

Secret 5: Use Strategic Stories

A1, April 27, 2008

Stories have enormous powers of recall, andthey communicate priorities effectively.

A1, April 27, 2008

Do this ______. Don’t do that ______.

Which would you prefer…

How are stories like flight simulators?

Does mental simulation work?

Why are stories powerful?

Which is better, instructing people not toforward chain e-mail or telling them aboutRose Lambert?

A1, April 27, 2008

How does telling a story differ frommaking a reasoned argument?

A1, April 27, 2008

The way you deliver a message to peopleis a clue to how they should react.

If you make an argument …

They will …

But stories …

A1, April 27, 2008

Do you haveto be creative to

come up withgood stories?

What do 9 out of 10ophthalmologistsrecommend forstory spotting?

What’s a NewsHawk Program?

How many surprising elements?

Does it have to be true?

What length should it be?

Can it have more than one message?

What tense should the story be told in?

How many characters should it have?

What makes a story memorable?

What Makes A Useful Story?

Stories are simulations. They can inspire action.You don’t have to be creative to spot and use stories.

Have you recently delivered any messages thathaven’t been effective?

Learn the craft of storytelling for business.

Develop a bucket of stories for trigger events.

Using Strategic Stories

Create a story to redeliver them.

1. Prevention is better than cure.

2. Use analogies to accelerate learning.

3. Work with the brain to capture attention.

4. Work with the brain to maintain interest.

5. Use strategic stories.

The Biggest Secrets of Security Awareness

Business

LONG & WINDING ROADus.i1.yimg.com/us.yimg.com/i/adv/lwr_06/long_and_winding_road.pdf · biggest impact on buying lies within the awareness and consideration process. consumer shopping

The Biggest Challenges with Private Online Communities and the Secrets to Overcoming Them

7 Biggest Hypnotic Secrets

Secrets are secrets. Please, maintain keep them

Credit Secrets: THE CREDIT SECRETS MINI-BOOK

Trade Secrets - MOTOR · Trade Secrets Bob Cerullo bcerullo@motor.com ... I fashioned a crane adapter so we could use the fork lift to R&R engines. My biggest problem was to get new

Secrets Huiles Essentielles - Tous les secrets enfin révélés !

Hiring Ad Dollar Advertising - The Answer To Your Biggest Secrets

Cisco Meraki Network Associate (CMNA) CompTIA A+ · Employee Security Awareness Training •Employees are your biggest vulnerability •Recent study by KnowBe4 found that 26%-45%

A FOREST’S SECRETS A forest has many secrets—secrets that man has long forgotten. A forest has healing secrets, treasure secrets, and history secrets

· SOURCES: 52 Secrets to Marketing Automation Success – Awareness Inc.

Cosmic Awareness 1994-05: The Secrets of Alchemy - The Philosopher's Stone

Insider Threat Awareness - Sandia National Laboratories · Insider Threat Awareness ... You don’t rat out your team. What would you do? ... those who took secrets and those who

TRADE SECRETS. Outline of Presentation What are trade secrets Protecting trade secrets Trade secrets or patents Legal protection for trade secrets and

Secrets to an Effective Phishing Program - SANS to an Effective Phishing Program @securethehuman Security Awareness Maturity Model Nonexistent Compliance-Focused Promoting Awareness

Behaviour: Biggest Asset and Biggest Risk

Secrets of 10 Successful Financial Advisors In India · Secrets of 10 Successful Financial Advisors In India By ... Q7 - What are some of the biggest benefits of being into personal

Open Secrets Who was your congressman/woman? Who were their biggest contributors? Why were those their biggest contributors?

The Biggest Picture: Situational Awareness on a Global Level

> POAL Handles NZ’s Biggest Container Ships > Hamburg Sud ... · HAMBURG SUD ON THE SECRETS OF SUCCESS FOR EqUIPMENT & CAPACITy MANAGEMENT 2-3 POAL FOCUS 8-9 aGenCy/ rinCiPal MACKAy’S