
Most companies have security standards or laws to follow, and regular security awareness programs for employees are a vital part of them. The problem with most security awareness programs is that security is a very dry and uninteresting subject, so the programs tend to be dry and uninteresting too, and people tend to skip this important security measure. Lack of employee security awareness is the greatest threat to information security.
This is what we knew when we started to develop our solution: we had to make it interesting and short so that people would be willing to watch and learn on their own terms. Our method of awareness is based on the proven method of using humour to get people interested in the subject, making them aware of security risks within their workplace and of how to prevent security incidents.
AwareGO and Jadar Myndir, an experienced crew of film makers, worked together on making this idea a reality: developing a strong and funny story line, loosely similar to the popular show “The Office”, then casting, filming and editing. The result is 12 short and funny episodes about a branch office of the company Mulberry, which has been number one in security breaches two years in a row. Corporate headquarters sends Bryce Gordon to talk to the employees about security awareness, but there is a lot of friction, especially between Bryce and Ted, the assistant manager of the branch office.
Sample from the first episode:
Bryce: Hello
Ted: Ohh, Hi, Welcome to Mulberry
Bryce: Thank you, I’m looking for Greg Dawson
Ted: Yeah, I’m Ted the acting branch manager, you must be Bryce from corporate. I've already assembled the number one team in the conference room, for you.
Bryce: So, where is your branch manager?
Ted: Umm, Greg went to a stationery conference, you know cause we don't wanna be stationary when it comes to stationery, so. So, number one branch, wow is there sort of like a raise or a bonus, that kind of thing?
Bryce: Okay, Ted. Mulberry has ranked number one in computer security breaches for two years in a row.
Ted: Security breach, call the Pentagon.
Bryce: Ted was it, okay, Ted. Computer security and understanding its importance is not a joke right, it's vital that everybody here at Mulberry treats this seriously cause you guys are our first line of defense.
Ted: Give me the president; this is a matter of national security.
Bryce: How about you give me Greg Dawson.
Ted: Yeah, I’ll start a video call, this way.
Meanwhile in the conference room where everyone is waiting for Ted.
Bodil: Okay, does anybody want to play a game of 24 questions. I am thinking of a person
June: Is it me
Bodil: Yes
The videos from AwareGO tread the fine line between humour and education. Humour is the incentive for people to watch and learn, and each episode is only 5-7 minutes long, so employees can use their downtime, for example between phone calls, to watch an episode.
Sample from the password episode:
Bryce: I think I would like to start the day with a conversation about passwords. Now a hacking program can search through half million letter combinations per second, which means that it only takes about three minutes to crack a four letter password. That time can be reduced if that password is found in the dictionary.
Ted: So what you want to do is take two random words from the dictionary and combine them.
Ted: Absolutely not.
Bryce: What you want to do is have a memorable password but one that is nearly unbeatable. Let me show you. Bryce likes to go fishing at 12 o'clock. Then what you do is you take the first letter of each word. Like so BLTGFA12O.
Millie: Do you like fishing –
Bryce: Sorry
Millie: Fishing, do you like fishing
Bryce: That's a very good observation, see cause that’s how I remember my password. I do like fishing.
Bodil writing: Bryce likes fishing.
Ted: Actually I like fishing too.
Bodil writing: Also Ted
June: And that's how we make a password?
Bryce: Well the next part is to change the letters to either lowercase uppercase and use symbols whenever possible. BLtGf@12o. And that should be an unbeatable password. Would anyone else like to try? Bodil?
Bodil: Yah, okay, Bodil likes to go fishing at 12 o'clock.
Bryce: Okay, can you find something that might be more personally relevant to yourself.
Bodil: Bodil likes to go fishing at 1 o'clock.
Bryce: Okay, we'll work on that, but good try.
The videos can either be run internally on the company’s own Learning Management System or as a hosted system from Trusted Learning with auditing and compliance possibilities. They are also available as an eLearning solution from Key2Know, including customizable training in over 75 languages, interactive testing and reporting.
Seeing is believing. You are welcome to watch sample episodes on our website:
Ragnar Sigurdsson, CISSP