39 min listen
2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications
2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications
ratings:
Length:
39 minutes
Released:
May 20, 2020
Format:
Podcast episode
Description
Masha Sedova - Founder, Elevate Security Topic ideas from the PR company: Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie? The secret is, security teams have installed tons of security tooling that can give insights into how our employees are behaving. But we just leave this data on the cutting room floor. Masha Sedova can talk about where to find this goldmine of data and what security teams can do to leverage this new found knowledge. Technology like vuln scanners or something more? Study after study shows that the reason why people don’t do things is not always because they don’t understand, it’s because they are not motivated. Motivating employees to change their cybersecurity behavior can seem like an overwhelming task but there are simple behavioral science techniques cybersecurity professionals can leverage to motivate employees to do the right thing. Masha Sedova will discuss the power of integrating elements of behavioral science into security in order to influence positive behavior. Motivation Theory (deming): https://en.wikipedia.org/wiki/W._Edwards_Deming#Key_principles X&Y https://en.wikipedia.org/wiki/Theory_X_and_Theory_Y Ouchi Z theory https://en.wikipedia.org/wiki/Theory_Z_of_Ouchi http://www.yourarticlelibrary.com/motivation/motivation-theories-top-8-theories-of-motivation-explained/35377 Masha’s suggested topics: Why do security teams have difficulty in understanding their human risk today? What are the blockers? What should security teams be measuring to get a holistic view of human risk? What's the difference between security culture, security behavior change, and security awareness? Is security culture a core capability in security defense? Why or why not? Quantifying risk… Is investing in human training a waste of time? Phishing - mock phish or real phishing Pull data to see who is clicking on links Send an ‘intervention’ Gotta move away from training The ‘security team’ will save them… https://www.ncsc.gov.uk/guidance/phishing Books: https://www.amazon.com/Nudge-Improving-Decisions-Health-Happiness/dp/014311526X https://www.amazon.com/Drive-Surprising-Truth-About-Motivates/dp/1594484805/ref=sr_1_1?crid=2QQ59YRRU89YX&dchild=1&keywords=drive+daniel+pink&qid=1588733551&s=books&sprefix=drive%2Cstripbooks%2C240&sr=1-1 Reality broken: https://www.amazon.com/Reality-Broken-Games-Better-Change/dp/0143120611 People centric security: https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778/ref=sr_1_1?dchild=1&keywords=people+centric+security&qid=1588733580&s=books&sr=1-1 Deep thought: a Cybersecurity novela: https://www.ideas42.org/blog/project/human-behavior-cybersecurity/deep-thought-a-cybersecurity-story/ https://elevatesecurity.com/ @modmasha Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com
Released:
May 20, 2020
Format:
Podcast episode
Titles in the series (100)
2020-037-Katie Moussouris, Implementing VCMM, diversity in job descriptions - Part 2: Introduce Katie (bio) (@k8em0) CEO and Owner, LutaSecurity The scope of the VCMM (what is it?) VCMM - Vulnerability Coordination Maturity Model Just covers the internal process? To ready an org for a bug bounty program or to accept vulns from... by BrakeSec Education Podcast