security culture
play

Security Culture Why You Need One and How to Create It Masha Sedova - PowerPoint PPT Presentation

Apr 05, 2024 •295 likes •657 views

Security Culture Why You Need One and How to Create It Masha Sedova Co-Founder, Elevate Security About me Cyber Analyst for Co-Founder, building the defense community Behavioral Security Platform Built and ran Salesforce Passionate about

  1. Security Culture Why You Need One and How to Create It Masha Sedova Co-Founder, Elevate Security

  2. About me Cyber Analyst for Co-Founder, building the defense community Behavioral Security Platform Built and ran Salesforce Passionate about the intersection trust engagement team of security & behavioral science 2 Elevate Security

  3. Customer trust is built on security 3 Elevate Security

  4. 4 Elevate Security

  5. 52% of all breaches in the last year were due to hacking -VDBIR 5 Elevate Security

  6. Culture 6 Elevate Security

  7. What is culture? “The way we do things around here....” Behavior Artifacts Beliefs Values Assumptions Our experiences shape our Experiences beliefs, values, assumptions Our behaviors are driven by beliefs 7 Elevate Security

  8. “Culture eats strategy for breakfast.” -Peter Drucker

  9. Security Culture is a Subset of Enterprise Culture Enterprise IT Security 9 Elevate Security

  10. Positive vs Negative Security Culture 10 Elevate Security

  11. Competing Priorities Pick two 11 Elevate Security

  12. Opposing forces in an employee’s business decisions Deadlines Security Cost Bonus Security Debt Security Failure 12 Elevate Security

  13. Tight Control Compliance Process Culture Culture Goal: Enforce Policy Goal: Pass Audits The Competing External Focus Internal Focus Security Cultures Framework Trust Autonomy Culture Culture Goal: Empower People Goal: Get Results Loose Control 13 Elevate Security

  14. Tight Control Compliance Culture Process Culture Rational Goals Managed Coordination Conformity Stability Repeatability Visibility Documentation Standardization Goal: Enforce Policy Goal: Pass Audits External Focus Internal Focus Trust Culture Autonomy Culture Human Relations Adaptive Systems Communication Flexibility Participation Agility Commitment Innovation Goal: Empower People Goal: Get Results Loose Control 14 Elevate Security

  15. Results of SCDS 15 Elevate Security

  16. How do we drive change?

  17. Root Cause Analysis 17 Elevate Security

  18. Understanding the Problem The Five Whys Tool Ask the five whys to get to the root of a problem. 18 Elevate Security

  19. The Five Whys- Example Problem Statement: My car battery is dead 1. Why? – The alternator is not functioning. 2. Why? – The alternator belt has broken. 3. Why? – The alternator belt was well beyond its useful service life and has never been replaced. 4. Why? – I have not been maintaining my alternator belt according to any recommended service schedule. 5. Why? I didn’t realize this had to be done. 19 Elevate Security

  20. Investigate Root Cause ● Can this be solved with technology? Do it! Changing mindset is the hardest way to go about enforcing change. ● “I didn’t realize that security was part of my job.” Communication, marketing, awareness campaigns ● “I didn’t know what to do about it.” Training and skills ● “I didn’t have the resources or support to do it.” Management alignment ● “I didn’t want to.” Gamification and incentives 20 Elevate Security

  21. Behavior Change

  22. Key components of behavioral science Motivation Ability Trigger

  23. Behavior change model High Motivation Triggers Succeed Triggers Fail Low Ability *Dr. BJ Fogg Hard Easy 23 Elevate Security

  24. Behavior change model High Motivation Triggers Succeed Triggers Fail Low Ability *Dr. BJ Fogg Hard Easy 24 Elevate Security

  25. Security action can be simplifjed Have secure Report Stop passwords for all sites suspicious activity tailgating Remember 20 unique Look up correct email, Install a man-trap or HARD characters across 40+ sites reporting guidelines & send in/out badging Install a password manager Install a “report” button Social accountability EASY 25 Elevate Security

  26. What about things that are hard to do? High Motivation Triggers Succeed Triggers Fail Low Ability *Dr. BJ Fogg Hard Easy 26 Elevate Security

  27. Most employees will not care about security as much as we’d like them to 27 Elevate Security

  28. What motivates us? “ People will do things because they matter, they are interesting, part of something more ” important. Daniel Pink, Drive 28 Elevate Security

  29. How to Create Positive Motivation Status Competition Altruism Access Achievement 29 Elevate Security

  30. The power of social proof 30 Elevate Security

  31. Social proof Control in security Keep Your Account Safe You can use security settings to protect your account and make sure it can be recovered if you ever lose access. Social context Keep Your Account Safe 1.36x more successful 108 of your friends use extra security settings. You can when using social proof also protect your account and make sure it can be recovered if you ever lose access. 31 Elevate Security

  32. Compromised Rates 32 Elevate Security

  33. Password manager 33 Elevate Security

  34. Applying Gamifjcation 34 Elevate Security

  35. Takeaways Understand your security culture Assess if its a positive or negative security culture Identify the blockers to positive security culture Reinforce and motivate positive behaviors 35 Elevate Security

  36. Q&A Masha@ElevateSecurity.com 36 Elevate Security

Recommend

Building a Culture of Security Agenda What is a Culture of Security? Regulatory

Building a Culture of Security Agenda What is a Culture of Security? Regulatory

Building a Culture of Security Agenda What is a Culture of Security? Regulatory Requirements Cyber Hygiene How to Develop a Culture of Security What is a Culture of Security A set of values, shared by everyone in an

350 views • 11 slides
Corporate Security Culture View from the T op What do we mean by Corporate Culture? Refers

Corporate Security Culture View from the T op What do we mean by Corporate Culture? Refers

Corporate Security Culture View from the T op What do we mean by Corporate Culture? Refers to the shared values, attitudes, standards, and beliefs that characterize members of an organization and define its nature Rooted in an

329 views • 14 slides
The Right Culture Why culture matters Wh lt tt What a great culture looks like

The Right Culture Why culture matters Wh lt tt What a great culture looks like

4/30/2014 Building the Right Culture for Your Organization Barbara Schmidt Kemp North Star Consultants LLC Guiding organizations and leaders in the right direction 1 The Right Culture Why culture matters Wh lt tt What a

356 views • 17 slides
Combined Nuclear Security and Safety Culture Self-assessments in NPPS Practical experiences of

Combined Nuclear Security and Safety Culture Self-assessments in NPPS Practical experiences of

Combined Nuclear Security and Safety Culture Self-assessments in NPPS Practical experiences of combined nuclear security and safety culture self-assessment in Nuclear Power Plants in Hungary (2015, Paks) and Canada (2016, Bruce Power, Ontario)

508 views • 18 slides
U.S. NRC: Safety and Security Policy and Oversight Diane Sieracki Sr. Safety Culture Program

U.S. NRC: Safety and Security Policy and Oversight Diane Sieracki Sr. Safety Culture Program

U.S. NRC: Safety and Security Policy and Oversight Diane Sieracki Sr. Safety Culture Program Manager Office of Enforcement U.S. Nuclear Regulatory Commission November 14, 2017 1 Outline NRC s Safety Culture Policy Statement

415 views • 16 slides
Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible Method Results A theory of security culture for secure and usable

Making the invisible visible S. Faily, I. Flchais Introduction Making the invisible visible Method Results A theory of security culture for secure and usable grids Cases What is Security Culture? Guidelines Future work S. Faily I.

692 views • 17 slides
Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by

Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by

Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by default to be security aware. You are not aware or in control of your thoughts. You are a bag of hormones and disease making wants and needs.

259 views • 9 slides
impact of Security. I SPEAKER'S BIOGRAPHY The Speaker is the former Chairman, Technical Committee

impact of Security. I SPEAKER'S BIOGRAPHY The Speaker is the former Chairman, Technical Committee

GSX 1201s PRESENTATION TITLE: ORGANIZATIONAL SECURITY CULTURE:A NEW BUSINESS PARADIGM ABSTRACT "Security is everybody's Concern" is the most frequently expressed among the basic principles of Security; but how it's done is just as

223 views • 9 slides
Enhancing Openness and Transparency in NRC Security Inspection Programs Holly Springs Culture

Enhancing Openness and Transparency in NRC Security Inspection Programs Holly Springs Culture

Enhancing Openness and Transparency in NRC Security Inspection Programs Holly Springs Culture Center Holly Springs, NC July 30, 2008; 5 pm 9 pm 1 AGENDA Welcome Paul W. Harris, Senior Program Manager Division Reactor Security

172 views • 14 slides
BENJAMIN BEBERNESS, CHIEF INFORMATION OFFICER SNOHOMISH COUNTY PUBLIC UTILITY DISTRICT AGENDA

BENJAMIN BEBERNESS, CHIEF INFORMATION OFFICER SNOHOMISH COUNTY PUBLIC UTILITY DISTRICT AGENDA

BENJAMIN BEBERNESS, CHIEF INFORMATION OFFICER SNOHOMISH COUNTY PUBLIC UTILITY DISTRICT AGENDA Security Culture Culture of Collaboration Culture of Thinking Outside the Box Culture of Managing Risk - Risk Assessment WHAT IS SECURITY

342 views • 18 slides
Building Robust Nuclear Security Culture in Nuclear Research Centers Jayarajan Kutuvan Bhabha

Building Robust Nuclear Security Culture in Nuclear Research Centers Jayarajan Kutuvan Bhabha

Building Robust Nuclear Security Culture in Nuclear Research Centers Jayarajan Kutuvan Bhabha Atomic Research Centre Mumbai, India kjayaraj@barc.gov.in Outline of Presentation Nuclear security culture Nuclear research centers in India

600 views • 27 slides
CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security

CAC Safety Report 2018-19 John Heiderscheidt Director of Safety and Culture Safety and Security Technology What has been done to address safety and security? Using Safety Technology BASCO - Building Access Security Control Office

445 views • 26 slides
LPS Board of Educations Community Conversations: Safety and Security, Climate and Culture,

LPS Board of Educations Community Conversations: Safety and Security, Climate and Culture,

LPS Board of Educations Community Conversations: Safety and Security, Climate and Culture, Mental Health, and Diversity LPS Board of Education Focus Area 7: Promote and provide a safe environment that fosters caring, respect, and compassion

450 views • 20 slides
Nuclear Security Culture As a Tool to Address Insider Threat Dr. Igor Khripunov at The IAEA

Nuclear Security Culture As a Tool to Address Insider Threat Dr. Igor Khripunov at The IAEA

Nuclear Security Culture As a Tool to Address Insider Threat Dr. Igor Khripunov at The IAEA International Conference on Physical Protection, 13-17 November 2017, Vienna, Austria Overview Insider threat and the role of Nuclear Security

552 views • 15 slides
Culture: Its not what you do, its the way that you do it 6 th October 2020 Culture a

Culture: Its not what you do, its the way that you do it 6 th October 2020 Culture a

Exploring Organisational Culture: Its not what you do, its the way that you do it 6 th October 2020 Culture a framing Alastair Mitchell-Baker Tricordant 2 5 What is culture? What happens when no one is looking The environment in

552 views • 17 slides
What is Culture? Culture has to do with values and beliefs as well as customs and

What is Culture? Culture has to do with values and beliefs as well as customs and

What is Culture? Culture has to do with values and beliefs as well as customs and traditions Culture is learned and handed down from generation to generation Culture influences and shapes our behaviors and attitude

771 views • 37 slides
Company Presentation Culture Culture is everyones business Culture in its broad sense

Company Presentation Culture Culture is everyones business Culture in its broad sense

Company Presentation Culture Culture is everyones business Culture in its broad sense including visual arts, music, cinema, theatre, performance, food, crafts, and folklore, among others is today an important dimension of any

726 views • 17 slides
OPERATOR S SECURITY CULTURE Carsten Speicher Ministry of the Environment, Climate Protection

OPERATOR S SECURITY CULTURE Carsten Speicher Ministry of the Environment, Climate Protection

IAEA International Conference on Physical Protection of Nuclear Material and Nuclear Facilities THE REGULATOR S TOOLS TO SUPPORT THE OPERATOR S SECURITY CULTURE Carsten Speicher Ministry of the Environment, Climate Protection and the

456 views • 17 slides
Safety & Security Culture Commission Briefing Shawn W. Seeley, Chair Organization of

Safety & Security Culture Commission Briefing Shawn W. Seeley, Chair Organization of

Safety & Security Culture Commission Briefing Shawn W. Seeley, Chair Organization of Agreement States March 30, 2010 In favor of policy statement Regulation too formal Agreement States: co-regulator in process Workshop

599 views • 10 slides
Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12, 2009 Joseph Bonneau, Computer Laboratory Today I) Culture gap on social networks is hurting security II) The future of the internet is social

762 views • 17 slides
Culture A Disciplined Approach to Creating a Positive Culture for Staff, Students and

Culture A Disciplined Approach to Creating a Positive Culture for Staff, Students and

Culture A Disciplined Approach to Creating a Positive Culture for Staff, Students and Community What does Culture mean to you? CULTURE What we believe. How we behave. The experience we create for others. Culture Drives

796 views • 53 slides
Culture has to do with values and beliefs as well as customs and traditions Culture

Culture has to do with values and beliefs as well as customs and traditions Culture

Culture has to do with values and beliefs as well as customs and traditions Culture is learned and handed down from generation to generation Culture influences and shapes our behaviors and attitude Culture is

419 views • 30 slides
TRUE GRIT & CULTURE WARRIOR How to Grow a Culture of Success The Way of the Culture Warrior

TRUE GRIT & CULTURE WARRIOR How to Grow a Culture of Success The Way of the Culture Warrior

TRUE GRIT & CULTURE WARRIOR How to Grow a Culture of Success The Way of the Culture Warrior Its Not the Books You Ownor even the ones youve read. 6 Its the Principles we put into practice and into play that matter. Do the

840 views • 45 slides
Challenges in Establishing Effective Nuclear Security Culture Anil Kohli Raja Ramanna Fellow

Challenges in Establishing Effective Nuclear Security Culture Anil Kohli Raja Ramanna Fellow

Challenges in Establishing Effective Nuclear Security Culture Anil Kohli Raja Ramanna Fellow Department of Atomic Energy Nuclear Safety Evolution of Safety Regulations Malicious Elements - Acts of Terrorism - Thefts, Sabotage

471 views • 15 slides

More recommend