Are your efforts to raise awareness and change behaviour leaving you a bit underwhelmed?
Do you get frustrated in managing the human factor?
Should we ever expect 100% compliance?
We don’t think so.
No-one can guarantee that there will never be a breach. An effective security strategy is about two things;
- reducing the likelihood of an incident
- reducing the impact when one occurs
Cyber resilience is the term on everyone’s lips and this is all about risk management.
So why aren’t we applying the principles of risk management to the challenge we call the human factor?
Isn’t it time that we bring this in line with all the other aspects of information security?
We think so and we want to help you to do it. And do it well.
We will show you how you can demonstrably apply the principles of risk management to the challenge of the human factor.
During this workshop will show you how organisations can demonstrate a risk-based approach to education and awareness, influencing behaviour and cultivating an appropriate organisational culture.
We’ll share insights with you about the common approaches that undermine and improve raising awareness, behaviour and culture.
Everything we teach is based on Nobel Prize-winning research and expertise from world leaders in awareness, behaviour, culture and learning and development.
This stuff works and is proven. And we want to help you to apply it to the business challenge of improving security awareness, behaviour and culture.
That’s a tall order and we’ll show you how you can pull it off.
- A risk assessment methodology to assess the risk associated with a breach of awareness, behaviour and culture, so that you can do this time and time again.
- A new view on how to meet the challenge of managing the human factor based on science, data and real-life success stories that surround us, to up your game and deliver better results.
- How your education and awareness strategy can potentially help mitigate liability damages following an incident so that you can better protect your organisation’s reputation and profit.
- How to demonstrate to stakeholders that your security education programme satisfies your obligation to manage risk effectively so that you can secure the necessary buy-in and investment.
What we’ll be doing
Over the course of 2 days, we will…
- Map the process commonly used for raising awareness and influencing behaviour to comply with organisational policy.
- Examine all the ways that are used in trying to make people aware of how we need them to act, including people’s responsibilities, processes, policies, communication and technology.
- Perform a risk assessment and identify the vulnerabilities within the process including those specifically that apply to the human factor.
- Consider the threats which can exploit the vulnerabilities we’ve identified.
- Explore the impact they can have on your efforts to raise awareness, influence behaviour and cultivate an appropriate organisational culture.
You’ll walk away with
- A risk assessment that identifies the vulnerabilities and threats to achieving your KPIs.
- An impact assessment that shows how a lack of awareness, appropriate behaviour or culture can affect your organisation, including the cost exposure.
- A strong business case for stakeholders to understand WHY they need to invest in managing the human factor through a more mature approach.
- The first step to a more mature and demonstrable approach to the challenge of the human factor which will resonate with all risk based security professionals
Who’s Likely to Benefit from Attending
This course is suited to CISO’s, CSO’s, Directors, Managers and Consultants responsible for developing and implementing strategy for raising awareness, influencing behaviour, and embedding security within a organisation’s culanure.
What other CISO’s Have Said About the Workshop
“Our lack of understanding of the impact of culture on security outcomes is one of the main reasons that we’ve struggled to influence security behaviours. It’s fantastic to see someone tackling the issue of security culture and its impact on behaviour in such a structured and practical way. “
Geordie Stewart CISO TUI UK & Europe
“I haven’t attended any workshops previously which have been as focussed as SABC™ on the topic of developing awareness into behavioural change. “
David Rimmer, VP Information Security and Global Head of Education & Awareness Equifax
“This workshop and methodology are unique, in my perspective, for tapping into cultural change methods.”
James Mulhern, CISO at EduServe
The workshop is lead by Bruce Hallas, the founder of SABC™, the host of the Re-Thinking the Human Factor Podcast, founder of The Analogies Project and author of the Re-Thinking the Human Factor book.
Bruce has spent 6 years researching the challenge of how to demonstrably raise awareness, influence behaviour and embed security into an organisation’s culture. He’s left few stones unturned in his quest to re-think the human factor and develop a framework which will feel reassuringly comfortable for any security professional. But, most importantly, he has implemented SABC™ within organisations spanning the world and will be drawing on real life examples of where the lessons learned have been applied.
Over the past 4 years Bruce has been invited to share his innovative thinking on the subject by organisations such as the ISF and ISC2 throughout Europe, the Middle East and Africa, and at conferences including InfoSec Europe, RSA Europe and the European CISO Summit.