35,10 €*
Free shipping by post / DHL
Delivery time 1-2 weeks
> -- BJ FOGG PHD, Researcher and Founder of the Stanford University Behavior Design Lab, Author of Tiny Habits: The Small Changes that Change Everything
DO YOU CARE MORE ABOUT WHAT YOUR EMPLOYEES KNOW, OR WHAT THEY DO?
Transformational Security Awareness offers a fresh, multidisciplinary approach to building a vital culture of awareness and secure behavior. Weaving together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling, author Perry Carpenter empowers organizations to focus on the human element. The tools he provides let you create behavior change that enhances security at every level.
What good is awareness if your people still don't care or behave in ways that reflect the security values that you are training on? Building secure users requires an intentional focus on behavior and cultural supports, finding actionable ways to intersect with users in the ways that will be most impactful: from relevant information, to behavioral interventions, to cultural and social supports and pressures. This book helps you optimize your security program to include and work with the realities of human nature. Using the insight provided by behavioral and marketing disciplines, you'll learn to engage users, shape behaviors, and foster an organizational culture that encourages and reinforces security-related values. Don't just change what your employees know; change what they do, because actions, not knowledge, will determine whether your organization is breached or secure.
With Transformational Security Awareness, you'll learn to account for the most important factor in your security program: the human factor. Discover how to:
- Overcome the knowledge-intention-behavior gap
- Teach security awareness using simulations, games, surveys, and other methods
- Recognize why technological security tools aren't enough
- Develop a well-crafted security awareness program that leverages effective training, behavior shaping techniques, and a network of 'culture carriers'
- Understand the keys to sustained success and ongoing culture change
- Measure your success and establish continuous improvements
Here's what I know:
"A transformational security awareness program will pay-off. In the same way that a steady stream of water over time will create a canyon; or that small amounts of money invested will, through the magic of compound interest, turn into large sums of money, your efforts do make a lasting impact!" -- Perry Carpenter
PERRY CARPENTER is the Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. A former security awareness researcher and CISO advisor at Gartner Research, he now works closely with Kevin Mitnick, arguably the world's most famous hacker. Perry frequently addresses management audiences at major cybersecurity conferences.
Foreword
Introduction
I The Case for Transformation
1 You Know Why
Humans Are the Last Line of Defense
Data Breaches Tell the Story
Auditors and Regulators Recognize the Need for Security Awareness Training
Traditional Security Awareness Program Methods Fall Short of Their Goals
Key Takeaways
References
2 Choosing a Transformational Approach
Your "Why" Determines Your "What"
Down the Rabbit Hole
Outlining the Key Components and Tools of a Transformational Program
A Map of What's to Come
Part 1 in a Nutshell
Part 2 in a Nutshell
Part 3 in a Nutshell
Key Takeaways
Notes and References
II The Tools of Transformation
3 Marketing and Communications 101 for Security Awareness Leaders
The Communications Conundrum
The Marketing Connection
Defining Marketing
Embedding Your Messages
Get the Right Message to the Right Person at the Right Time
Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting
Tracking Results and Measuring Effectiveness
Know When to Ask for Help
Key Takeaways
Notes and References
Additional Reading
4 Behavior Management 101 for Security Awareness Leaders
Your Users Aren't Stupid, They're Human
Thinking, Fast and Slow
System 1 Thinking
System 2 Thinking
Working with Human Nature Rather Than Against
The Nuts and Bolts of Shaping Behavior
The Fogg Behavior Model
The Problem with Motivation
Nudge Them in the Right Direction
Frames: Why Context Is Everything
Designing and Debugging Behavior
Being Intentional with Target Groups
Debugging Behaviors
Design "Power Prompts" Wherever Possible
Password Management Example, Continued
Habits Make Hard Things Easier to Do
Thinking About Guardrails
Tracking Results and Measuring Effectiveness
Key Takeaways
Notes and References
Additional Reading
5 Culture Management 101 for Security Awareness Leaders
Security Culture is Part of Your Larger Organizational Culture
Getting Started
Understanding Your Culture's Status Quo
Go Viral: Unleash the Power of Culture Carriers
Cultures in (Potential) Conflict: Remember Global and Social Dynamics
Cultural Forces
Structures
Pressures
Rewards
Rituals
Tracking Results and Measuring Effectiveness
Key Takeaways
Notes and References
Additional Reading
6 What's in a Modern Security Awareness Leader's Toolbox?
Content Is King: Videos, Learning Modules, and More
Big Box Shopping: A Content Analogy
Types of Content
Experiences: Events, Meetings, and Simulations
Meetings, Presentations, and Lunch-and-Learns
Tabletop Exercises
Rituals
Webinars
Games
Simulated Phishing and Social Engineering
Other Simulations and Embodied Learning
Interactions with Other Technologies
Relationships: Bringing Context to Content and Experiences
Be Intentional and Opportunistic, Always
Stories and Analogies
Tapping into Cultural Trends
Opportunistic Campaigns Based on New Organizational Initiatives and Current Events
The Critical "At Home" Connection
Use Your Metrics and Anecdotes to Help Tell and Reinforce Your Story
Key Takeaways
Notes and References
7 Voices of Transformation: Interviews with Security Awareness Vendors
Anna Collard, Popcorn Training
Chris Hadnagy, Social Engineer
Drew Rose, Living Security
Gary Berman, The CyberHero Adventures: Defenders of the Digital Universe
Jason Hoenich, Habitu8
Jim Shields, Twist and Shout
Kai Roar, CLTRe
Lisa Plaggemier, InfoSec Institute
Masha Sedova, Elevate Security
Stu Sjouwerman, KnowBe4
Tom Pendergast, MediaPRO
Winn Schwartau, The Security Awareness Company (SAC)
Reference
III The Process of Transformation
8 Living Your Awareness Program Through the Eyes and Lives of Your Audience
A Learner Journey Map: Awareness in the Context of Life
Key Takeaways
Notes and References
9 Putting It All Together
Before You Begin
The Five Secrets of Security Awareness Success
Tips for Gaining Buy-In
Leverage Cialdini's Principles of Persuasion
Making Adjustments
Thoughts About Crafting Campaigns
Thinking Through Target Groups
Be Intentional with Recognition and Reward
Assembling Your Culture Carriers
Measuring Your Success
What Does the Future Hold?
Key Takeaways
Notes and References
10 Closing Thoughts
Leverage the Power of Community.
Be a Lifelong Learner
Be a Realistic Optimist
Conclusion
11 Voices of Transformation: Interviews with Security Awareness Program Leaders
Bruce Hallas, Marmalade Box
Carlos Miró, MUFG Union Bank
Dr. Cheryl O. Cooper, Sprint Corporation
Krina Snider, Sprint
Mark Majewski, Quicken Loans
Michael Lattimore, Independent Consultant
Mo Amin, Independent Consultant
Prudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker
Thom Langford, (TL)2 Security
Tory Dombrowski, Takeform
Appendix: Seven Key Reminder Nudges to Help Your Recall
Index
Year of publication: | 2019 |
---|---|
Genre: | Imports, Computer Science |
Category: | Natural Sciences & Technology |
Medium: | Paperback |
Contents: | 368 pp. |
ISBN-13: | 9781119566342 |
ISBN-10: | 1119566347 |
Language: | English |
Binding: | Softcover / Paperback |
Author: | Carpenter, Perry |
Publisher: | Wiley |
Responsible person for the EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Dimensions: | 226 x 155 x 20 mm |
By/With: | Perry Carpenter |
Publication date: | 21.05.2019 |
Weight: | 0,471 kg |