Transformational Security Awareness
What Neuroscientists, Storytellers, and Marketers Can Teach Us about Driving Secure Behaviors
Paperback by Perry Carpenter
Language: English

35,10 €*

incl. VAT

Free shipping by post / DHL

Delivery time 1-2 weeks

Description

> - BJ FOGG PHD, Researcher and Founder of the Stanford University Behavior Design Lab, Author of Tiny Habits: The Small Changes that Change Everything

DO YOU CARE MORE ABOUT WHAT YOUR EMPLOYEES KNOW, OR WHAT THEY DO?

Transformational Security Awareness offers a fresh, multidisciplinary approach to building a vital culture of awareness and secure behavior. Weaving together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling, author Perry Carpenter empowers organizations to focus on the human element. The tools he provides let you create behavior change that enhances security at every level.

What good is awareness if your people still don't care or behave in ways that reflect the security values that you are training on? Building secure users requires an intentional focus on behavior and cultural supports, finding actionable ways to intersect with users in the ways that will be most impactful: from relevant information, to behavioral interventions, to cultural and social supports and pressures. This book helps you optimize your security program to include and work with the realities of human nature. Using the insight provided by behavioral and marketing disciplines, you'll learn to engage users, shape behaviors, and foster an organizational culture that encourages and reinforces security-related values. Don't just change what your employees know; change what they do, because actions, not knowledge, will determine whether your organization is breached or secure.

With Transformational Security Awareness, you'll learn to account for the most important factor in your security program: the human factor. Discover how to:

  • Overcome the knowledge-intention-behavior gap
  • Teach security awareness using simulations, games, surveys, and other methods
  • Recognize why technological security tools aren't enough
  • Develop a well-crafted security awareness program that leverages effective training, behavior shaping techniques, and a network of 'culture carriers'
  • Understand the keys to sustained success and ongoing culture change
  • Measure your success and establish continuous improvements

Here's what I know:

"A transformational security awareness program will pay off. In the same way that a steady stream of water over time will create a canyon; or that small amounts of money invested will, through the magic of compound interest, turn into large sums of money, your efforts do make a lasting impact!" - Perry Carpenter

About the Author

PERRY CARPENTER is the Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. A former security awareness researcher and CISO advisor at Gartner Research, he now works closely with Kevin Mitnick, arguably the world's most famous hacker. Perry frequently addresses management audiences at major cybersecurity conferences.

Table of Contents

Foreword xxi

Introduction xxiii

I The Case for Transformation 1

1 You Know Why 3

Humans Are the Last Line of Defense 4

Data Breaches Tell the Story 6

Auditors and Regulators Recognize the Need for Security Awareness Training 11

Traditional Security Awareness Program Methods Fall Short of Their Goals 14

Key Takeaways 16

References 17

2 Choosing a Transformational Approach 19

Your "Why" Determines Your "What" 20

Down the Rabbit Hole 21

Outlining the Key Components and Tools of a Transformational Program 24

A Map of What's to Come 28

Part 1 in a Nutshell 30

Part 2 in a Nutshell 30

Part 3 in a Nutshell 31

Key Takeaways 32

Notes and References 32

II The Tools of Transformation 35

3 Marketing and Communications 101 for Security Awareness Leaders 37

The Communications Conundrum 38

The Marketing Connection 40

Defining Marketing 44

Embedding Your Messages 53

Get the Right Message to the Right Person at the Right Time 70

Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting 76

Tracking Results and Measuring Effectiveness 76

Know When to Ask for Help 77

Key Takeaways 78

Notes and References 78

Additional Reading 81

4 Behavior Management 101 for Security Awareness Leaders 83

Your Users Aren't Stupid, They're Human 85

Thinking, Fast and Slow 87

System 1 Thinking 88

System 2 Thinking 91

Working with Human Nature Rather Than Against 93

The Nuts and Bolts of Shaping Behavior 96

The Fogg Behavior Model 97

The Problem with Motivation 103

Nudge Them in the Right Direction 103

Frames: Why Context Is Everything 109

Designing and Debugging Behavior 117

Being Intentional with Target Groups 117

Debugging Behaviors 118

Design "Power Prompts" Wherever Possible 122

Password Management Example, Continued 123

Habits Make Hard Things Easier to Do 130

Thinking About Guardrails 132

Tracking Results and Measuring Effectiveness 133

Key Takeaways 134

Notes and References 135

Additional Reading 137

5 Culture Management 101 for Security Awareness Leaders 141

Security Culture is Part of Your Larger Organizational Culture 144

Getting Started 147

Understanding Your Culture's Status Quo 149

Go Viral: Unleash the Power of Culture Carriers 156

Cultures in (Potential) Conflict: Remember Global and Social Dynamics 164

Cultural Forces 165

Structures 167

Pressures 167

Rewards 169

Rituals 169

Tracking Results and Measuring Effectiveness 171

Key Takeaways 171

Notes and References 172

Additional Reading 174

6 What's in a Modern Security Awareness Leader's Toolbox? 175

Content Is King: Videos, Learning Modules, and More 176

Big Box Shopping: A Content Analogy 178

Types of Content 181

Experiences: Events, Meetings, and Simulations 186

Meetings, Presentations, and Lunch-and-Learns 187

Tabletop Exercises 188

Rituals 189

Webinars 190

Games 190

Simulated Phishing and Social Engineering 191

Other Simulations and Embodied Learning 192

Interactions with Other Technologies 193

Relationships: Bringing Context to Content and Experiences 194

Be Intentional and Opportunistic, Always 195

Stories and Analogies 195

Tapping into Cultural Trends 195

Opportunistic Campaigns Based on New Organizational Initiatives and Current Events 196

The Critical "At Home" Connection 197

Use Your Metrics and Anecdotes to Help Tell and Reinforce Your Story 197

Key Takeaways 198

Notes and References 198

7 Voices of Transformation: Interviews with Security Awareness Vendors 201

Anna Collard, Popcorn Training 201

Chris Hadnagy, Social Engineer 204

Drew Rose, Living Security 209

Gary Berman, The CyberHero Adventures: Defenders of the Digital Universe 211

Jason Hoenich, Habitu8 214

Jim Shields, Twist and Shout 217

Kai Roar, CLTRe 219

Lisa Plaggemier, InfoSec Institute 221

Masha Sedova, Elevate Security 224

Stu Sjouwerman, KnowBe4 226

Tom Pendergast, MediaPRO 228

Winn Schwartau, The Security Awareness Company (SAC) 231

Reference 236

III The Process of Transformation 237

8 Living Your Awareness Program Through the Eyes and Lives of Your Audience 239

A Learner Journey Map: Awareness in the Context of Life 240

Key Takeaways 248

Notes and References 248

9 Putting It All Together 251

Before You Begin 252

The Five Secrets of Security Awareness Success 252

Tips for Gaining Buy-In 259

Leverage Cialdini's Principles of Persuasion 264

Making Adjustments 269

Thoughts About Crafting Campaigns 269

Thinking Through Target Groups 271

Be Intentional with Recognition and Reward 277

Assembling Your Culture Carriers 277

Measuring Your Success 278

What Does the Future Hold? 279

Key Takeaways 280

Notes and References 281

10 Closing Thoughts 283

Leverage the Power of Community 283

Be a Lifelong Learner 285

Be a Realistic Optimist 290

Conclusion 291

11 Voices of Transformation: Interviews with Security Awareness Program Leaders 293

Bruce Hallas, Marmalade Box 294

Carlos Miró, MUFG Union Bank 296

Dr. Cheryl O. Cooper, Sprint Corporation 298

Krina Snider, Sprint 302

Mark Majewski, Quicken Loans 305

Michael Lattimore, Independent Consultant 307

Mo Amin, Independent Consultant 311

Prudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker 313

Thom Langford, (TL)2 Security 320

Tory Dombrowski, Takeform 323

Appendix: Seven Key Reminder Nudges to Help Your Recall 329

Index 331

Details
Year of publication: 2019
Genre: Imports, Computer Science
Category: Science & Technology
Medium: Paperback
Contents: 368 pp.
ISBN-13: 9781119566342
ISBN-10: 1119566347
Language: English
Binding: Softcover / Paperback
Author: Carpenter, Perry
Manufacturer: Wiley
Responsible person for the EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Dimensions: 226 x 155 x 20 mm
By/With: Perry Carpenter
Publication date: 21.05.2019
Weight: 0,471 kg
Item ID: 114872588