Closing the gap between knowing and doing · How to develop secure human behaviour? Closing the gap...
How to develop secure human behaviour? Closing the gap between knowing and doing
11:30 - Amsterdam ‘72
Wilbert Pijnenburg CISA CISSP [email protected]
About BeOne Development
An introduction
Holle Bolle Gijs eats 460,000 kilos of paper a year.
Holle Bolle Gijs has eaten a total of more than 25 million kilos of paper.
Technology, organisation and ….. humans
The human factor is hot …
Security Awareness in the past
…. but often ineffective
Security Awareness in the past
Why we know, but don’t do
Source: Tali Sharot, ‘The optimism bias’
Security awareness is a process
✓ Involve management
✓ Organise the right project team
✓ On-boarding for new employees
✓ Information security fundamentals
Is broadcasting knowledge sufficient?
Behavioural change
10:30
Open minded
Understanding
Willing
Maintaining
Doing
Be able to
Source: M.F.K. Balm, ‘Behavioural change model’
Confrontation by testing
Moving with pleasure and freezing with fear
Start with making an emotional connection
Ebbinghaus forgetting curve
Learning pyramid & retention
Source: Institute for Applied Behaviour Sciences
Lecture: 5 %
Demonstration: 30 %
Practice by doing: 75 %
Reading: 10 %
Audio-visual: 20 %
Teaching: 80 %
Using a blend of approaches results in a substantial increase in knowledge retention
Is warning sufficient?
Add confrontation and immediate feedback
From knowing to doing
Normative beliefs
Please reuse your towels to save money
30%
75% of the hotel guests reused the towels
Help save the environment.
You can show your respect for nature and help save the environment by reusing your towels during your stay
15%
45%
50%
75% of the guests who also stayed in this room reused the towels
Normative beliefs
+12%
+5%
+16%
9 out of 10 people in Britain paid their tax on time
9 out of 10 people in your town paid their tax on time
9 out of 10 people in your town paid their tax on time and you are one of the few people who have not paid yet
Monitor Knowledge & skills
Simulate & test
Report compliance and offer feedback
PDCA approach: immediate feedback with awareness dashboard
Use a risk based approach
Theme: phishing
Knowledge Skills
Repeat
Test
Feedback
Theme: strong passwords
Theme: social engineering
Theme: USB sticks
Theme: cloud services
Develop a continuous multi channel communication program
Test & confrontation
Inform, knowledge & skills
Report compliance
Takeaways to create a positive security culture
1. Develop a long term communication program
2. Measure behaviour & confrontation
3. Train knowledge & skills continuously
4. Give direct feedback & show behavioural compliance
Questions?
Contact Information
For more information see our website: www.beonedevelopment.com
Bergweg 44
1217 SC Hilversum
The Netherlands
[email protected] +31 (0)35 20 30 216