Security awareness and cultural change “…from bad apples to good eggs…” Martin Smith MBE FSyI Chairman and Founder The Security Company (International)

Presentation transcript:

Security awareness and cultural change “…from bad apples to good eggs…” Martin Smith MBE FSyI Chairman and Founder The Security Company (International) Ltd The Security Awareness Special Interest Group

People want to learn…
• There is an enormous willingness amongst workforces to follow good practice. No employee wants to be the one who lets down the team, or causes their organization to appear in the Press as the latest to suffer a data security breach or online fraud.
• The vast majority of any workforce is intelligent, honest, hardworking and sensible. Our employees resent being given responsibility for compliance without sensible help or advice to go with it.
• To win their support, we just need to tell them what it is we want them to do in language they can understand, describe in simple terms how we want them to do it, and explain to them the benefits of compliance - “What’s in it for me?”
We have more than enough rules already – let’s just start explaining them properly to everyone.
Inspire, Engage, Protect.

An approach…
• Tackle security awareness by adopting a strategic, long-term approach aligned to your business objectives.
• Educate, engage and empower your employees so they understand why security is important and thus change their behaviour.
• Define measurable targets, agreed at the outset, to demonstrate Return On Investment (ROI).

The Security Awareness Special Interest Group

How security savvy is your organisation?
• Creating a culture alert to security threats and empowering employees to be secure will not happen overnight. An integrated and sustainable approach is the only way that you will succeed.
• A security awareness maturity model will establish the current level of security behaviour within your organisation. Based on your security objectives and organisational requirements you will then progress through each stage of the maturity model as far as you wish.

Inspire, engage and protect
We believe a successful awareness programme should:
• Inspire your workforce to create a culture alert to security risks.
• Engage and empower your workforce to behave securely through creative campaigns.
• Protect your organisation’s assets with a long-term, strategic approach to security awareness.
You should aim to successfully take your employees from being unaware of their information security responsibilities; to being aware of them; to committing to your security principles and demonstrating the desired behaviours.

Raising the level of commitment to Security Awareness
• Phase VI: Report, review, amend
• Phase V: Training & assessment programmes
• Phase IV: Get their attention – Create Campaign Awareness
• Phase III: Create Knowledge Zone (website) & Training modules
• Phase II: Develop a Comms Strategy & Measurement Dashboard
• Phase I: Evaluate Needs & Priorities

Your employees want to learn…
• Most people want to do the right thing
• Tell your employees what’s in it for them
• Keep it simple

Behaviour cannot be changed by training alone…
People need to be aware of why something is important before they will do anything differently.

Getting their attention

Sustaining awareness
• Communication should be a two way dialogue
• Embed key messages using regular reminders
• Change employee behaviour in the long term, not just apply a 'quick fix' solution

The awareness model simplified
• Road Signs
• Highway Code
• Road Traffic Act

Scoping Workshop
Case Study – Global Security Communications Strategy Workshop
There are three main audiences for our security and fraud prevention awareness campaign:
• Our in-house security community (“specialists”)
• Our workforce (including the extended 3rd party enterprise)
• Our customers
All aspects of security and fraud prevention must be addressed.
The organisation must be clear about what it is asking its people to do.

Scoping Workshop
There must be one consistent set of important messages for all business areas that are easy to remember, understand and achieve. But then, messages should be tailored for each audience for relevance and context.
The processes and technology which support the key security and fraud prevention messages must be easy to find, understand and use.
The consequences of security behaviour should be rooted within the organisation’s reward and discipline policy.

“Problems are never solved at the same level of awareness that created them…” Albert Einstein

“Insanity is the repetition of something over and over again, believing that the outcome will eventually change…” Albert Einstein

Awareness is the oil…
The human factor is the final part of the jigsaw, the key to better security and fraud prevention. Good communication is the vital oil that will make our security management and fraud prevention systems run smoothly.

If you wish to know more... Martin Smith