Transformational Security Awareness

Book description

Expert guidance on the art and science of driving secure behaviors 

Transformational Security Awareness empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change. 

When all other processes, controls, and technologies fail, humans are your last line of defense. But how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That’s what Transformational Security Awareness is all about.

 Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.

  • Find out what you need to know about marketing, communication, behavior science, and culture management
  • Overcome the knowledge-intention-behavior gap
  • Optimize your program to work with the realities of human nature
  • Use simulations, games, and surveys, and leverage new trends like escape rooms to teach security awareness
  • Put effective training together into a well-crafted campaign with ambassadors
  • Understand the keys to sustained success and ongoing culture change
  • Measure your success and establish continuous improvements

Do you care more about what your employees know or what they do? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leave your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.

Table of contents

  1. Cover
  2. Foreword
  3. Introduction
  4. I: The Case for Transformation
    1. 1 You Know Why…
      1. Humans Are the Last Line of Defense
      2. Data Breaches Tell the Story
      3. Auditors and Regulators Recognize the Need for Security Awareness Training
      4. Traditional Security Awareness Program Methods Fall Short of Their Goals
      5. Key Takeaways
      6. References
    2. 2 Choosing a Transformational Approach
      1. Your “Why” Determines Your “What”
      2. Down the Rabbit Hole
      3. Outlining the Key Components and Tools of a Transformational Program
      4. A Map of What's to Come
      5. Key Takeaways
      6. Notes and References
  5. II: The Tools of Transformation
    1. 3 Marketing and Communications 101 for Security Awareness Leaders
      1. The Communications Conundrum
      2. The Marketing Connection
      3. Campaigns: If You Aren't Reinforcing, Your Audience Is Forgetting
      4. Tracking Results and Measuring Effectiveness
      5. Know When to Ask for Help
      6. Key Takeaways
      7. Notes and References
      8. Additional Reading
    2. 4 Behavior Management 101 for Security Awareness Leaders
      1. Your Users Aren't Stupid, They're Human
      2. Thinking, Fast and Slow
      3. Working with Human Nature Rather Than Against
      4. The Nuts and Bolts of Shaping Behavior
      5. The Problem with Motivation
      6. Designing and Debugging Behavior
      7. Tracking Results and Measuring Effectiveness
      8. Key Takeaways
      9. Notes and References
      10. Additional Reading
    3. 5 Culture Management 101 for Security Awareness Leaders
      1. Security Culture Is Part of Your Larger Organizational Culture
      2. Getting Started
      3. Cultures in (Potential) Conflict: Remember Global and Social Dynamics
      4. Cultural Forces
      5. Tracking Results and Measuring Effectiveness
      6. Key Takeaways
      7. Notes and References
      8. Additional Reading
    4. 6 What's in a Modern Security Awareness Leader's Toolbox?
      1. Content Is King: Videos, Learning Modules, and More
      2. Experiences: Events, Meetings, and Simulations
      3. Relationships: Bringing Context to Content and Experiences
      4. Be Intentional and Opportunistic, Always
      5. Use Your Metrics and Anecdotes to Help Tell and Reinforce Your Story
      6. Key Takeaways
      7. Notes and References
    5. 7 Voices of Transformation: Interviews with Security Awareness Vendors
      1. Anna Collard, Popcorn Training
      2. Chris Hadnagy, Social Engineer
      3. Drew Rose, Living Security
      4. Gary Berman, The CyberHero Adventures: Defenders of the Digital Universe
      5. Jason Hoenich, Habitu8
      6. Jim Shields, Twist and Shout
      7. Kai Roer, CLTRe
      8. Lisa Plaggemier, InfoSec Institute
      9. Masha Sedova, Elevate Security
      10. Stu Sjouwerman, KnowBe4
      11. Tom Pendergast, MediaPRO
      12. Winn Schwartau, The Security Awareness Company (SAC)
      13. Reference
  6. III: The Process of Transformation
    1. 8 Living Your Awareness Program Through the Eyes and Lives of Your Audience
      1. A Learner Journey Map: Awareness in the Context of Life
      2. Key Takeaways
      3. Notes and References
    2. 9 Putting It All Together
      1. Before You Begin
      2. Thoughts About Crafting Campaigns
      3. Measuring Your Success
      4. What Does the Future Hold?
      5. Key Takeaways
      6. Notes and References
    3. 10 Closing Thoughts
      1. Leverage the Power of Community
      2. Be a Lifelong Learner
      3. Be a Realistic Optimist
      4. Conclusion
    4. 11 Voices of Transformation: Interviews with Security Awareness Program Leaders
      1. Bruce Hallas, Marmalade Box
      2. Carlos Miró, MUFG Union Bank
      3. Dr. Cheryl O. Cooper, Sprint Corporation
      4. Krina Snider, Sprint
      5. Mark Majewski, Quicken Loans
      6. Michael Lattimore, Independent Consultant
      7. Mo Amin, Independent Consultant
      8. Prudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker
      9. Thom Langford, (TL)2 Security
      10. Tory Dombrowski, Takeform
  7. Appendix: Seven Key Reminder Nudges to Help Your Recall
  8. Index
  9. End User License Agreement

Product information

  • Title: Transformational Security Awareness
  • Author(s): Perry Carpenter
  • Release date: May 2019
  • Publisher(s): Wiley
  • ISBN: 9781119566342