Fr. 45.90

Transformational Security Awareness - What Neuroscientists, Storytellers, Marketers Can Teach Us About

English · Paperback / Softback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description


Expert guidance on the art and science of driving secure behaviors
 
Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change.
 
When all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That's what Transformational Security Awareness is all about.
 
Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.
* Find out what you need to know about marketing, communication, behavior science, and culture management
* Overcome the knowledge-intention-behavior gap
* Optimize your program to work with the realities of human nature
* Use simulations, games, and surveys, and leverage new trends like escape rooms, to teach security awareness
* Put effective training together into a well-crafted campaign with ambassadors
* Understand the keys to sustained success and ongoing culture change
* Measure your success and establish continuous improvements
 
Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leave your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.

List of contents

Foreword

Introduction

I The Case for Transformation

1 You Know Why

Humans Are the Last Line of Defense

Data Breaches Tell the Story

Auditors and Regulators Recognize the Need for Security Awareness Training

Traditional Security Awareness Program Methods Fall Short of Their Goals

Key Takeaways

References

2 Choosing a Transformational Approach

Your "Why" Determines Your "What"

Down the Rabbit Hole

Outlining the Key Components and Tools of a Transformational Program

A Map of What's to Come

Part 1 in a Nutshell

Part 2 in a Nutshell

Part 3 in a Nutshell

Key Takeaways

Notes and References

II The Tools of Transformation

3 Marketing and Communications 101 for Security Awareness Leaders

The Communications Conundrum

The Marketing Connection

Defining Marketing

Embedding Your Messages

Get the Right Message to the Right Person at the Right Time

Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting

Tracking Results and Measuring Effectiveness

Know When to Ask for Help

Key Takeaways

Notes and References

Additional Reading

4 Behavior Management 101 for Security Awareness Leaders

Your Users Aren't Stupid, They're Human

Thinking, Fast and Slow

System 1 Thinking

System 2 Thinking

Working with Human Nature Rather Than Against

The Nuts and Bolts of Shaping Behavior

The Fogg Behavior Model

The Problem with Motivation

Nudge Them in the Right Direction

Frames: Why Context Is Everything

Designing and Debugging Behavior

Being Intentional with Target Groups

Debugging Behaviors

Design "Power Prompts" Wherever Possible

Password Management Example, Continued

Habits Make Hard Things Easier to Do

Thinking About Guardrails

Tracking Results and Measuring Effectiveness

Key Takeaways

Notes and References

Additional Reading

5 Culture Management 101 for Security Awareness Leaders

Security Culture is Part of Your Larger Organizational Culture

Getting Started

Understanding Your Culture's Status Quo

Go Viral: Unleash the Power of Culture Carriers

Cultures in (Potential) Conflict: Remember Global and Social Dynamics

Cultural Forces

Structures

Pressures

Rewards

Rituals

Tracking Results and Measuring Effectiveness

Key Takeaways

Notes and References

Additional Reading

6 What's in a Modern Security Awareness Leader's Toolbox?

Content Is King: Videos, Learning Modules, and More

Big Box Shopping: A Content Analogy

Types of Content

Experiences: Events, Meetings, and Simulations

Meetings, Presentations, and Lunch-and-Learns

Tabletop Exercises

Rituals

Webinars

Games

Simulated Phishing and Social Engineering

Other Simulations and Embodied Learning

Interactions with Other Technologies

Relationships: Bringing Context to Cont

About the author

PERRY CARPENTER is the Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. A former security awareness researcher and CISO advisor at Gartner Research, he now works closely with Kevin Mitnick, arguably the world's most famous hacker. Perry frequently addresses management audiences at major cybersecurity conferences.


Product details

Authors P Carpenter, Perry Carpenter
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 31.05.2019
 
EAN 9781119566342
ISBN 978-1-119-56634-2
No. of pages 368
Subjects Natural sciences, medicine, IT, technology > IT, data processing > IT

Computer security, computer science, security management, Computer Security & Cryptography, general security management
