1. Barbara McCrary Chief Information Security Officer Three C’s of Security Awareness: Culture, Change and Creativity

2. Culture Change Creativity The Three C’s of Security Culture, change, and creativity are central to protecting an organization’s data and assets.

3. A Company’s Way of Life –Behavior and Practice –Standards –Habits and Routines –Traditions Culture

4. Behavior and Practices –Organization Silos –Communication –Productivity –Environment

5. Change IT’s Ideas About Effectual Security Update Standards Habits and Routines –Process pertinent data first –Simplify Automate Traditional Processes

6. To improve security and security awareness: Change! Change

7. Keys to Change Protecting data is a shared responsibility. Encourage active participation from all stakeholders.

8. Change Everyone’s Idea of Security Awareness Training Regular, daily, weekly, monthly campaigns that look more like conversations than training. –Focused and Small Bites –Reinforce –Applicable

9. Change Everyone’s Idea of Normal Inspire thought and conversation about ethical computing. –Change unethical norms. –Redesign decision processes. –Reinforce organizational ethics using reminders and currently held communication tools.

10. What can we really do to encourage ethical and secure corporate behavior? Get Creative! Creativity

11. Incorporate a Variety of Awareness Tools Add security to process training. Send info on trending and current events. Include info that applies to personal lives, families and personal finance.

12. Designing Security Awareness Materials Consider the differences: – generations – gender – seniority

13. Summing It Up To quote ― St. Francis of Assisi “Start by doing what is necessary, then what is possible, and suddenly you are doing the impossible.”

14. QUESTIONS?