7 Rules to Influence Behaviour and Win at Cyber Security Awareness
By Chirag Joshi
About this ebook
Cyber Security explained in non-cyber language.
Get ready to have everything you thought you knew about Cyber Security Awareness challenged.
Fight back against the scourge of scams, data breaches, and cyber crime by addressing the human factor.
Using humour, real-world anecdotes, and experiences, this book introduces seven simple rules to communicate cyber security concepts effectively and get the most value from your cyber awareness initiatives. Since one of the rules is "Don't Be Boring," this proven process is presented in an entertaining manner without relying on scary numbers, boring hoodie-wearing hacker pictures, or techie jargon!
Additionally, this book addresses the "What" and "Why" of cyber security awareness in layman's terms, homing in on the fundamental objective of cyber awareness—how to influence user behaviour and get people to integrate secure practices into their daily lives. It draws wisdom from several global bodies of knowledge in the technology domain and incorporates relevant teachings from outside the traditional cyber areas, such as behavioural psychology, neuroscience, and public health campaigns.
This book is for everyone, regardless of their prior cyber security experience. This includes cyber security and IT professionals, change managers, consultants, communication specialists, senior executives, as well as those new to the world of cyber security.
What Will This Book Do for You?
- If you're new to cyber security, it will help you understand and communicate the topic better. It will also give you a clear, jargon-free action plan and resources to jump start your own security awareness efforts.
- If you're an experienced cyber security professional, it will challenge your existing assumptions and provide a better way to increase the effectiveness of your cyber awareness programs.
- It will empower you to influence user behaviour and subsequently reduce cyber incidents caused by the human factor.
- It will enable you to avoid common mistakes that make cyber security awareness programs ineffective.
- It will help make you a more engaging leader and presenter.
- Most importantly, it won't waste your time with boring content (yes, that's one of the rules!).
About the Author:
Chirag's ambitious goal is simple - enable human progress through technology. To accomplish this, he wants to help build a world where there is trust in digital systems, protection against cyber threats and a safe environment online for communication, commerce and engagement. He is especially passionate about the safety of children and vulnerable sections of society online. This goal has served as a driver that has led Chirag to become a sought-after public speaker and advocate at various industry-leading conferences and events. During the course of his career spanning over a decade in multiple countries, he has built, implemented and successfully managed cyber security, risk management and security awareness programs. The success of these programs was a result of an unyielding focus on business priorities, a pragmatic approach to cyber threats and, most importantly, effective stakeholder engagement. As a leader holding senior positions in organizations, Chirag excels at the art of translating business and technical speak in a manner that optimizes value. Chirag's academic qualifications include a Master's degree in Telecommunications Management and a Bachelor's degree in Electronics and Telecommunications Engineering. He holds multiple certifications including Certified Information Security Manager, Certified Information Systems Auditor and Certified in Risk and Information Systems Control.
Chirag Joshi
Chirag’s ambitious goal is simple—to enable human progress through technology. To accomplish this, he wants to help build a world where there is trust in digital systems, protection against cyber threats, and a safe environment online for communication, commerce, and engagement. He is especially passionate about the safety of children and vulnerable sections of society online. This goal has served as a motivation that has led Chirag to become a sought-after speaker and advocate at various industry-leading conferences and events across multiple countries. Chirag has extensive experience working directly with the C-suite executives to implement cyber security awareness training programs. During the course of his career spanning over a decade across multiple sectors, he has built, implemented, and successfully managed cyber security, risk management, and compliance programs. As a leader holding senior positions in organizations, Chirag excels at the art of translating business and technical speak in a manner that optimizes value. Chirag has also conducted several successful cyber training and awareness sessions for non-technical audiences in diverse industries such as finance, energy, healthcare, and higher education. Chirag’s academic qualifications include a master’s degree in telecommunications management and a bachelor’s degree in electronics and telecommunications. He holds multiple certifications, including Certified Information Security Manager, Certified Information Systems Auditor, and Certified in Risk and Information Systems Control.
Reviews for 7 Rules to Influence Behaviour and Win at Cyber Security Awareness
4 ratings, 1 review
- Rating: 5 out of 5 stars
May 21, 2023
Nice simple yet impactful approach to influence others to understand security
Book preview
7 Rules to Influence Behaviour and Win at Cyber Security Awareness - Chirag Joshi
For my father, Deepak, who made me the man I am today. For my wife, Urvi, without whose love and support this book wouldn’t be possible. For my mother, Hema, my brother, Sunny, and sister-in-law, Sharada, whose encouragement and enthusiasm keep me going. For my grandparents, whom I can never thank enough for everything they sacrificed for me.
A special thanks to Dan Jones for his mentorship and to Paul De Araujo and Sameer Karamchandani for their friendship and support of this book.
Table of Contents
1. What Will This Book Do for You?
2. Introduction
3. Cyber Security and the Human Factor
4. Rule 1: Stop Relying on Bad News
5. Rule 2: Don’t Be Boring
6. Rule 3: Be SMART in Your Approach
7. Rule 4: One Size Barely Fits Anyone
8. Rule 5: Harness the Power of Allies
9. Rule 6: Be Persistent and Consistent
10. Rule 7: Get the Support of Senior Leadership
11. Coda
12. References and Additional Resources
13. About the Author
1 What Will This Book Do for You?
If you’re new to cyber security, it will help you understand and communicate the topic better. It will also give you a clear, jargon-free action plan and resources to jump-start your own security awareness efforts.
If you’re an experienced cyber security professional, it will challenge your existing assumptions and provide a better way to increase the effectiveness of your cyber awareness programs.
It will empower you to influence user behaviour and subsequently reduce cyber incidents caused by the human factor.
It will enable you to avoid common mistakes that make cyber security awareness programs ineffective.
It will help make you a more engaging leader and presenter.
Most importantly, it won’t waste your time with boring content (yes, that’s one of the rules!).
2 Introduction
I distinctly remember the scene like it happened yesterday, although it has been a few years now. I walked into a room full of mostly hard-nosed, seasoned, technical IT professionals where I was invited to speak on the importance of following good security processes and standards. I know the topic sounds boring—it is quite dry, and presenting it to a group of people who probably have heard it all before made it even more challenging. This was aggravated by the fact that technical IT people generally have a low opinion of management types in suits telling them how to do their jobs better. In their minds, they feel these people don’t have a true understanding of their roles and day-to-day challenges they face.
However, the good news for me is that I like tough environments. There are very few things that match the thrill that comes with winning over a difficult crowd through your public speaking and presentations. Also, I was determined to make my presentation useful to the audience, and thereby ensure the teachings from it had a higher likelihood of being applied.
Now, a lot of IT personnel are familiar with the negative connotations associated with use of the word “cowboy” in their job’s context. This word implies a cavalier attitude towards following established standards and processes and bypassing them in order to get their jobs done faster. From personal experience working with numerous IT teams over the years, I know they don’t like this description of them. In their minds, they are doing the best they can under the circumstances, which can include aggressive and urgent timelines to deliver outcomes, often with limited resources.
To get attention and engagement from this tough crowd, I started my presentation with a real-life picture of me from Facebook wearing a cowboy hat, boots, and singing karaoke to Johnny Cash’s classics. Being an avid country music fan and a pretty good country dancer, if I do say so myself, I have lots of such stories and pictures. Starting my presentation with that image and implying, tongue in cheek, that I am “one of the cowboys” got a lot of chuckles from the attendees and instantly eased the atmosphere in the room. I followed that up with my customary introductory slide that had my name and senior cyber security job title, accompanied by a lot of initials that indicate the various industry certifications I hold. I then made a comment with a slightly sarcastic smile on my face: “Hope you understand that my title and all the initials following it just mean I’m a really smart guy.” The way I said it made the audience start laughing. They knew I wasn’t going to be just another cyber presenter in a suit and that I was willing to make light of all the assumed self-importance of senior leaders who think they are automatically owed respect due to their titles and qualifications. From there on, it was easy. I had the audience interested, engaged, and totally involved with my overall message on security processes and standards. In fact, I had several audience members walk up to me after the presentation to say how much they’d enjoyed the talk and discussed ways in which they’d apply the principles I shared. All said and done, I consider this presentation a success!
Now, this wasn’t the first time I had adopted a laid-back and humorous approach tailored for the audience in the room. All through my years doing public speaking and presentations on cyber security, I have used similar tailored approaches, be it presenting to a group of accountants in Colorado, USA or to a group of executives at a conference in Sydney, Australia.
At a high level, my approach to awareness is all about knowing what to communicate, how to communicate, who to communicate to, and when to communicate. Over my career, I’m fortunate to have had the opportunity to work with people in different countries with various backgrounds. Through my years of professional experience, public presentations, and learning from both successes and failures, I have perfected a process that works effectively for creating winning cyber security awareness programs.
Now let’s look at some points that make a strong case on the need for cyber security awareness. On a nearly daily basis, when you read news about cyber-attacks—causing millions of personal records to be leaked, businesses to suffer crippling damages to