Welcome to the Re-Thinking the Human Factor podcast. It’s a podcast for information security professionals, where we will be asking our guests to share thoughts and insights on security awareness, behaviour and culture.
Our guests come predominantly from outside the security industry. They all specialise in elements of awareness, behaviour and culture, or they have effectively tackled similar challenges in their own industry or careers. The one thing that unites them all is their willingness to share their experience in the hope it might give our audience food for thought.
The human factor. In the middle of a global breach.
In previous episodes of the podcast we have explored why human judgement and decision making, which drives our behaviour, is heavily influenced by the environment within which we make our decisions.
In this episode we take this one step further and ask how employee awareness, behaviour and culture pan out, after all of the theorising and planning, when the tranquil environment of corporate learning is replaced by the rawness of a major security crisis.
An interview with the co-authors of the CyberSecurity ABC's book on awareness, behaviour and culture.
A regulator's view on awareness, behaviour and culture.
In this episode I have the privilege to chat with the ex-Information Commissioner to the United Kingdom, Richard Thomas.
Richard explains the challenges that he and his team faced around awareness, behaviour and culture. He also shares his thoughts on what good awareness, behaviour and culture might look like from a regulator's perspective when assessing an organisation that has been reported to the regulator for a breach in security around personal data.
A people-centric approach to cyber security.
The vast majority of cyber attacks target people, not technology. That's why an approach to cybersecurity that centres around people can be a game changer. Research shows that ensuring employees know what to do when faced with a real threat can reduce successful phishing attacks and malware infections by up to 90%. But how do you go about it?
Content is king, or so the saying goes!
In this episode we explore video content generation to support your efforts to influence employee awareness and behaviour, and the need to be aware of the impact your information security team brand can have on the success of all of your efforts.
What role must training materials play in building security awareness-rich organisations?
Turning to specialists in learning and development is a natural response to the need to develop a workforce that is not only aware of cyber security risks, but is also competent to manage these effectively. However, the world of L&D has been going through a paradigm shift, all down to improvements in our understanding of cognitive science (brain science). In this episode we'll explore those shifts and highlight some best practices which aren't as good as claimed.