THE WAY TO INSTIL A SECURITY-AWARE CULTURE IN YOUR BUSINESS

Transcription

1 eriskology THE WAY TO INSTIL A SECURITY-AWARE CULTURE IN YOUR BUSINESS

2 eriskology THE WAY TO INSTIL A SECURITY-AWARE CULTURE IN YOUR BUSINESS A 3-year, organic program applying simple, intuitive, personal multi-media messaging through 4 harmonised pathways. Pathways are designed to measure existing and changing awareness states through the capture of key performance indicators collected to confirm & measure cultural change. Behaviour changes are also verified through live social engineering tests conducted against the staff to produce, what we have called, a calculated InfoSec Quotient (IQ) rating for your business. eriskology will not only get in their heads it will prove its in their heads. Other security awareness solutions don t come close to this achievement.

3 eriskology INSPIRE Inspire them through meaningful, thought-provoking and collaborative onsite workshops given to your staff by seasoned information security risk trainers. Stimulate your staff s notions on cyber security by questioning their ideas of privacy, highlighting their extreme reliance on technology and challenging any assumptions they may have that the devices they depend upon daily are inherently secure. The first step to solving a problem is recognising there is one.

4 eriskology EMPOWER Empower them by providing focused, interactive, multi-media elearning on critically fundamental information security topics such as: What is it?, Why does it matter?, What does good security look like?, How does hacking work? and What should I do now?. Light, interesting and jargon-free course content that takes around 45 minutes to complete. It s followed by a test to confirm that their understanding empowers them to act. Knowledge is power and interest pulls the switch.

5 eriskology ENGAGE Engage them through a consistent flow (monthly) of current, relevant and fascinating information that they can use in both their personal and professional lives. Short videos, podcasts, infographics, bulletins and alerts ensure they stay engaged. Feeding staff a steady diet of current examples, trends, threats and best practice will nourish and strengthen the messages they received in workshops and online training and increase the chances they will change their behaviour. Repetition is the mother of learning and the father of action, which makes it the DNA of change.

6 eriskology MEASURE Measure them by collecting metrics at each of the previous stages through surveys, tests and quizzes and then conducting a series of social engineering tests annually, designed to confirm if they assimilated the information, increased their awareness and have changed their behaviour. Program metrics recorded in the first year can then be used as a benchmark to document behavioural changes attained yearly thereafter. If you can t measure it, you can t improve it.

7 Year 1 Year 2 Year 3 PATHWAYS 36 MONTHS THE JOURNEY INSPIRE EMPOWER CLICK ON THE ICONS TO DISCOVER PROGRAMME COMPONENTS. ENGAGE MEASURE InfoSec Quotient (metric) capture

8 Year 1 Year 2 Year 3 PATHWAYS 36 MONTHS THE JOURNEY INSPIRE EMPOWER CLICK ON THE ICONS TO DISCOVER PROGRAMME COMPONENTS. ENGAGE MEASURE InfoSec Quotient (metric) capture

9 InfoSec Quotient Capture Each red dot on the timeline graphic represents a point where a KPI or metric is captured. This is fed into the annual infosec quotient and would demonstrate continuous improvement.

10

11 eriskology Each year your business will be assigned an InfoSec Quotient (I.Q) Based on key performance indicators captured from your staff over 36 months. InfoSec Quotient (I.Q) rating 53 Annual metrics are used to tweak program content in the following year to ensure understanding and raise awareness levels. Measuring their growing appreciation, awareness and practice of information security. See quantifiable progress over the full program period.

12 eriskology eriskology This is to certify that ACMI Corp has achieved an annual Information Security Awareness rating of: 53 I.Q. InfoSec Quotient Certificate Issued annually Social Engineering testing, surveys and quiz result metrics are gathered annually and correlated. Your company is then issued with an Annual Information Security Awareness certificate with I.Q. rating stated. Date Signature Gauge your progress over the 3 year programme to ensure that it s not only getting in their heads, it s staying in their heads.

13 eriskology CERTIFICATE OF COMPLETION This is to certify that Joseph Bloggs has successfully completed Information Security Awareness elearning elearning Certificate of Completion Once a participant has successfully completed an elearning course they are issued with a certificate of completion. This certificate goes towards your company s metrics for it s annual I.Q rating and also meets your training compliance requirements where relevant. Date Signature

14 We appreciate you taking the time to view this presentation Please contact us if you have any questions eriskology is powered by Risk Crew a wholly owned subsidiary of Risk Factory Ltd 5 Maltings Place, 169 Tower Bridge Road, London SE1 3JB Contact: nick.roberts@riskcrew.com Call: +44(0)