Training and awareness programmes have shown significant limitations in transforming organisational wide behaviour and bringing about cultural change. The barriers to change are far broader and deeper embedded than most would imagine. The implications to governance, risk and compliance should not be ignored.
This workshop will introduce how current approaches to developing and delivering training and awareness have significant limitations when achieving changes in levels of awareness, security behaviours and influencing organisational culture. It will then introduce attendees to the holistic principles behind SABC™, a new framework based on 6 years of research. The insights we share are based on interviews with world leaders in awareness, behaviour, culture, learning and development. They utilise Nobel Prize winning research and they enable security professionals to demonstrably improve levels of security awareness, behaviour and culture.
What you will discover?
- The limitations of the current accepted approaches to security awareness, behaviour and culture.
- A new view on how to meet the challenge of managing the human factor based on science, data and real-life success stories that surround us.
- How the maturity of your security education and awareness strategy and programmes can either increase or minimise risk exposure;
- Why a focus on awareness is a proven gamble with your, and your organisation’s, reputation and what you might do to manage this.
- New insights into how behaviours are formed and influenced ethically, and how this knowledge might be of value in developing an effective strategy for education, awareness and compliance.
- New insights into how cultures are formed and influenced and how this knowledge might be incorporated into the development and implementation of your security strategy.
- New thinking regarding the challenge of creating meaningful metrics regarding awareness, behaviour and culture.
- How your education and awareness strategy can potentially help mitigate liability damages following an incident.
- How to demonstrate to external stakeholders that your security education programme satisfies your obligation to manage risk effectively.
Who’s Likely to Benefit from Attending
This course is suited to CISO’s, CSO’s, Directors, Managers and Consultants responsible for developing and implementing strategy for raising awareness, influencing behaviour, and embedding security within a organisation’s culture.
What other CISO’s Have Said About the Workshop
“Our lack of understanding of the impact of culture on security outcomes is one of the main reasons that we’ve struggled to influence security behaviours. It’s fantastic to see someone tackling the issue of security culture and its impact on behaviour in such a structured and practical way. “
Geordie Stewart CISO TUI UK & Europe
“I haven’t attended any workshops previously which have been as focussed as SABC™ on the topic of developing awareness into behavioural change. “
David Rimmer, VP Information Security and Global Head of Education & Awareness Equifax
“This workshop and methodology are unique, in my perspective, for tapping into cultural change methods.”
James Mulhern, CISO at EduServe
Your course leader is Bruce Hallas. Bruce is the Founder of SABC™, the Host of the Re-Thinking the Human Factor Podcast, Founder of The Analogies Project and Author of the Re-Thinking the Human Factor book due to be published in May 2018.
Bruce has spent 6 years researching the challenge of how to demonstrably raise awareness, influence behaviour and embed security into an organisation’s culture. He’s left few stones unturned in his quest to re-think the human factor and develop a framework which will feel reassuringly comfortable for any security professional. But, most importantly, he has implemented SABC™ within organisations spanning the world and will be drawing on real life examples of where the lessons learned have been applied.
Over the past 4 years Bruce has been invited to share his innovative thinking on the subject by organisations such as the ISF and ISC2 throughout Europe, the Middle East and Africa, and at conferences including InfoSec Europe, RSA Europe and the European CISO Summit.