Cyber Breakfast Briefing in Edinburgh

Written by Graham Watson | News | General | Event | Posted 16/05/2018 11:11:01

On Wednesday the 2nd of May I, in association with Sanderson, hosted a breakfast roundtable discussion on ‘Lessons Learned in Effective Security Awareness Programmes.’ The roundtable was well attended by Security Leaders from a number of organisations, each with responsibility for addressing the human element of cyber security.

The topics of discussion were: Ethics of Phishing Tests, MI and Feedback Loops, Forming a Plan, and Significantly Altering Behaviours.

Each topic sparked a lot of very valuable contribution and some great insights. There were some key takeaways:

Ethics of Phishing Tests – The ethics of performing this sort of test are often questioned at the outset by those at the top of the organisation. But done right, these concerns often dissipate over time.

In addition, being clear about what you are trying to achieve is important as different tests can meet different needs.

MI and Feedback Loops – Key to understanding how successful you’re being is determining useful metrics. Without good metrics, at the very least you are susceptible to a false sense of security.

Forming a Plan – A one-size-fits-all approach can more usefully be described as a “one size fits none” approach. From the starting point of planning, the discussion progressed to cover the need to deal with cultural differences and whether there should be a separate security culture and awareness function within a larger security team.

Significantly Altering Behaviours – There was general agreement that focussed activity is essential and that performing annual training is akin to doing a once-a-year fitness day and expecting to be able to run a marathon.

Additionally, an essential string to the security professional’s bow is the ability to help the design of better systems by being able to contribute to the User Experience (UX) of systems with an understanding of human behaviour.

Fortunately for me, the above is a validation of some of the value we bring to our clients at Advanced Engagement and also echoes the problems we see potential clients needing to overcome in terms of Security Awareness and Culture Change.

It was clear that Security Awareness and Culture Change are relevant to all sections of a Security function, not just the part dealing with Security Awareness, and that there is an appetite for continuing the discussion.

As such, we’re planning to host more events on this subject and to focus on a diverse set of organisations including the public sector.

“It was a fantastic, thought-provoking discussion, where everyone shared their opinions openly. The event was such a success we will be looking to run another later this year in Edinburgh and hopefully look to expand to London and Manchester in the near future.”

- Mary Worthington, Delivery Manager - Cyber & Information Security
