A Science Backed Approach to Human Risk Management: The Beauty of Scholar-Practitioner Research скачать в хорошем качестве

A Science Backed Approach to Human Risk Management: The Beauty of Scholar-Practitioner Research

SANS Security Awareness: Managing Human Risk Summit 2024 A Science-Backed Approach to Human Risk Management: The Beauty of Scholar-Practitioner Research Speaker: Federico Giovannetti, Assistant Professor of Cybersecurity, University of Tampa Can human risk management be grounded in scientific theories? We know that changing employee behaviors is a crucial part of managing human risk. Social sciences such as Psychology, Sociology and Informing sciences have studied individual and group behavioral issues for years. This talk presents a novel approach that combines three scientific theories to create a messaging strategy that can be used by practitioners to elevate intrinsic motivation among employees as a catalyst to behavioral change. 1. The Fogg Behavior Model (2009), which claims that a behavior occurs when three separate factors converge at the same time: motivation, ability, and trigger. 2. The Self-Determination Theory (2000), which provides insights on how to increase individual motivation at an organizational level. 3. The Single Client Resonance Model (2015), which claims that for a message to be useful to a receiver, it must pass certain bias filters. Using a scholar-practitioner approach, these theories are combined to create a strategy that includes concepts familiar to practitioners, resulting in an easy-to-implement program consisting of three practical steps: 1. Segment the organization into target functional groups with common business activities and goals. For example: Sales & Marketing, Operations, R&D, Finances, and Customer Support. 2. Craft security awareness messaging tailored to each target group, considering their business goals and activities. The message content focus is on understanding “why information security is important to you” at the functional group level. 3. Recruit influencers to help deliver the message. Both upper management and peers within the target groups. You have seen similar strategies before. In this talk, we will connect the dots explaining how it is based on science and you can help validate it based on your experience on the field. We will also discuss other topics emerging from this research work and how you can get involved to further develop them. Let’s work to bring together the best of both worlds by furthering scholar-practitioner research! View upcoming Summits: http://www.sans.org/u/DuS This video is part of the SANS Security Awareness. Learn more at https://www.sans.org/security-awarene...