Transformational Security Awareness
What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
1st Edition
Published on 30. April 2019
368 pages
978-1-119-56637-3 (ISBN)
Description
Expert guidance on the art and science of driving secure behaviors
Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change.
When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That's what Transformational Security Awareness is all about.
Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.
* Find out what you need to know about marketing, communication, behavior science, and culture management
* Overcome the knowledge-intention-behavior gap
* Optimize your program to work with the realities of human nature
* Use simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness
* Put effective training together into a well-crafted campaign with ambassadors
* Understand the keys to sustained success and ongoing culture change
* Measure your success and establish continuous improvements
Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.
Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change.
When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That's what Transformational Security Awareness is all about.
Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.
* Find out what you need to know about marketing, communication, behavior science, and culture management
* Overcome the knowledge-intention-behavior gap
* Optimize your program to work with the realities of human nature
* Use simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness
* Put effective training together into a well-crafted campaign with ambassadors
* Understand the keys to sustained success and ongoing culture change
* Measure your success and establish continuous improvements
Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.
More details
Other editions
Additional editions
Perry Carpenter
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us about Driving Secure Behaviors
What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors
Book
05/2019
1st Edition
Wiley
€32.50
Shipment within 15-20 days
Content
- Cover
- Title Page
- Copyright
- About the Author
- About the Technical Editor
- Credits
- Acknowledgments
- Contents at a Glance
- Contents
- Foreword
- Introduction
- The Security Awareness Connection
- Thinking Forward
- Let the Fun Begin
- Part I The Case for Transformation
- Chapter 1 You Know Why. . .
- Humans Are the Last Line of Defense
- Data Breaches Tell the Story
- Auditors and Regulators Recognize the Need for Security Awareness Training
- Traditional Security Awareness Program Methods Fall Short of Their Goals
- Key Takeaways
- References
- Chapter 2 Choosing a Transformational Approach
- Your "Why" Determines Your "What"
- Down the Rabbit Hole
- Outlining the Key Components and Tools of a Transformational Program
- A Map of What's to Come
- Part 1 in a Nutshell
- Part 2 in a Nutshell
- Part 3 in a Nutshell
- Key Takeaways
- Notes and References
- Part II The Tools of Transformation
- Chapter 3 Marketing and Communications 101 for Security Awareness Leaders
- The Communications Conundrum
- The Marketing Connection
- Defining Marketing
- Embedding Your Messages
- Get the Right Message to the Right Person at the Right Time
- Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting
- Tracking Results and Measuring Effectiveness
- Know When to Ask for Help
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 4 Behavior Management 101 for Security Awareness Leaders
- Your Users Aren't Stupid, They're Human
- Thinking, Fast and Slow
- System 1 Thinking
- System 2 Thinking
- Working with Human Nature Rather Than Against
- The Nuts and Bolts of Shaping Behavior
- The Fogg Behavior Model
- The Problem with Motivation
- Nudge Them in the Right Direction
- Frames: Why Context Is Everything
- Designing and Debugging Behavior
- Being Intentional with Target Groups
- Debugging Behaviors
- Design "Power Prompts" Wherever Possible
- Password Management Example, Continued
- Habits Make Hard Things Easier to Do
- Thinking About Guardrails
- Tracking Results and Measuring Effectiveness
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 5 Culture Management 101 for Security Awareness Leaders
- Security Culture Is Part of Your Larger OrganizationaI CuIture
- Getting Started
- Understanding Your Culture's Status Quo
- Go Viral: Unleash the Power of Culture Carriers
- Cultures in (Potential) Conflict: Remember Global and Social Dynamics
- Cultural Forces
- Structures
- Pressures
- Rewards
- Rituals
- Tracking Results and Measuring Effectiveness
- Key Takeaways
- Notes and References
- Additional Reading
- Chapter 6 What's in a Modern Security Awareness Leader's Toolbox?
- Content Is King: Videos, Learning Modules, and More
- Big Box Shopping: A Content Analogy
- Types of Content
- Experiences: Events, Meetings, and Simulations
- Meetings, Presentations, and Lunch-and-Learns
- Tabletop Exercises
- Rituals
- Webinars
- Games
- Simulated Phishing and Social Engineering
- Other Simulations and Embodied Learning
- Interactions with Other Technologies
- Relationships: Bringing Context to Content and Experiences
- Be Intentional and Opportunistic, Always
- Stories and Analogies
- Tapping into Cultural Trends
- Opportunistic Campaigns Based on New Organizational Initiatives and Current Events
- The Critical "At Home" Connection
- Use Your Metrics and Anecdotes to Help Tell and Reinforce Your Story
- Key Takeaways
- Notes and References
- Chapter 7 Voices of Transformation: Interviews with Security Awareness Vendors
- Anna Collard, Popcorn Training
- Chris Hadnagy, Social Engineer
- Drew Rose, Living Security
- Gary Berman, The CyberHero Adventures: Defenders of the Digital Universe
- Jason Hoenich, Habitu8
- Jim Shields, Twist and Shout
- Kai Roar, CLTRe
- Lisa Plaggemier, InfoSec Institute
- Masha Sedova, Elevate Security
- Stu Sjouwerman, KnowBe4
- Tom Pendergast, MediaPRO
- Winn Schwartau, The Security Awareness Company (SAC)
- Reference
- Part III The Process of Transformation
- Chapter 8 Living Your Awareness Program Through the Eyes and Lives of Your Audience
- A Learner Journey Map: Awareness in the Context of Life
- Key Takeaways
- Notes and References
- Chapter 9 Putting It All Together
- Before You Begin
- The Five Secrets of Security Awareness Success
- Tips for Gaining Buy-In
- Leverage Cialdini's Principles of Persuasion
- Making Adjustments
- Thoughts About Crafting Campaigns
- Thinking Through Target Groups
- Be Intentional with Recognition and Reward
- Assembling Your Culture Carriers
- Measuring Your Success
- What Does the Future Hold?
- Key Takeaways
- Notes and References
- Chapter 10 Closing Thoughts
- Leverage the Power of Community
- Be a Lifelong Learner
- Be a Realistic Optimist
- Conclusion
- Chapter 11 Voices of Transformation: Interviews with Security Awareness Program Leaders
- Bruce Hallas, Marmalade Box
- Carlos Miró, MUFG Union Bank
- Dr. Cheryl O. Cooper, Sprint Corporation
- Krina Snider, Sprint
- Mark Majewski, Quicken Loans
- Michael Lattimore, Independent Consultant
- Mo Amin, Independent Consultant
- Prudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker
- Thom Langford, (TL)2 Security
- Tory Dombrowski, Takeform
- Appendix: Seven Key Reminder Nudges to Help Your Recall
- Index
- EULA
