Security Awareness

The Challenge of Security Awareness

Why?

Nobody cares about Security…

And how do we get their attention and support?

Types of Risk

Prof. John Adams, University College LondonUK risk expert

• Direct – directly perceived – obvious• Scientific – determined via science• Virtual Risk – everything else!

Types of Risk

Virtual Risk• What we are all involved in!• Project risk/Operational risk• Physical/Data security risk• Terrorism/Homeland Security• Weather

Virtual Risk

Virtual Risk• Difficult to “prove”• Experts don’t know or do not agree• We don’t know what we don’t know

Issues

• Security viewed as a negative• Avoidance v. “risk”

– Delays– Cost– Extra work– “Gotchas”

10. Make Top 10 lists!

Top 10

The Top 10 things we do for Security Awareness at DHS…

10. Make Top 10 lists!

Top 10

The Top 10 things we do for Security Awareness at DHS…

9. Have a Mascot

10. Make Top 10 lists!

Top 10

The Top 10 things we do for Security Awareness at DHS…

9. Have a Mascot8. Dress Up

10. Make Top 10 lists!

Top 10

The Top 10 things we do for Security Awareness at DHS…

9. Have a Mascot8. Dress Up7. 1-on-1 Executive Briefings

10. Make Top 10 lists!

Top 10

The Top 10 things we do for Security Awareness at DHS…

9. Have a Mascot8. Dress Up7. 1-on-1 Executive Briefings6. The Screensaver

Top 10

The Top 10 things we do for Security Awareness at DHS…

5. Computer Security Day – comics and greeting cards

Top 10

The Top 10 things we do for Security Awareness at DHS…

5. Computer Security Day4. Publish or Perish

Top 10

The Top 10 things we do for Security Awareness at DHS…

5. Computer Security Day4. Publish or Perish3. Continually reinvent

Top 10

The Top 10 things we do for Security Awareness at DHS…

5. Computer Security Day4. Publish or Perish3. Continually reinvent2. Get others to play

Top 10

The Top 10 things we do for Security Awareness at DHS…

5. Computer Security Day4. Publish or Perish3. Continually reinvent2. Get others to play1. Have Fun!