How to Make a Security Awareness Program… FAIL!
Ready for some free advice? This information is pulled from a talk that our founder will be giving at next week’s International ISSA Conference in Orlando.
Winn Schwartau: Security, Privacy, Infowar, and Cyber-Terrorism Expert
Are you ready for a wake-up call? How about two?
1. Security awareness programs are a valuable part of every company’s security strategy.
2. Security awareness programs are abysmal failures and a waste of resources.
Which is it? After 30+ years in the information security business, Winn Schwartau has been involved in scores of controversial debates and held more than the occasional unpopular idea. In this exciting, provocative and interactive session, Winn will again move you from your comfort zone, and show you How to Make Security Awareness Program Fail. Epically. Fall flat on its face and become an abysmal failure while still wasting valuable resources.
- Since readability is not important, and graphics and multi-media use up valuable bandwidth, all awareness should be done in small font text.
- Make it unintelligible by hiring an English Major to run your security awareness messaging.
- Your CISO took a film class in college. Use his expertise.
- Never, ever, use casual language as it might improve communications.
- Humor has no place in the workplace.
And that is only the beginning. Learn other ways organizations can totally screw the pooch while trying to get:
- Users to behave with at least a modicum of common sense?
- Executives to follow the rules? Any rules at all?
- Geeks to stop making “totally secure, hidden back doors” to make maintenance easier?
No, Security Awareness Programs are not perfect and will NOT solve everything. But learning how to make one Fail is critical to understanding how to make one successful.
So, what’s on the other end of Schwartau’s security awareness spectrum?
Hope. And a creative landscape of ideas, hints, techniques, tricks and tips he has used and seen used over the last 30 years – that work. That don’t suck. Stay tuned and do not miss his irreverent, but ‘spot-on’ analysis of security awareness – and how to design an affordable and effective program that addresses the real issue: the successful cohabitation of man and machine. It can be done.