Human Behavior and Security Culture - Europe
CISO Workshops • Ittingen (Thurgau), Switzerland • June 21, 2011
Corporations and governments alike are faced with staggering risks from members of their own organizations. Whether willful or inadvertent, human-induced leaks fueled by mass distribution through organizations like WikiLeaks can create breathtaking exposure. While the risks are not new, the targeted threats towards individuals are increasing with ever more sophisticated deceptions. Likewise, the consumerization of technology has added new challenges in controlling leaks from malicious insiders. Once leaked, information can be globally distributed through highly visible activists, monetized through criminal syndicates, or leveraged by unethical competitors.
In this workshop, CISOs/directors of information security discussed how companies are managing the human element of security. Using a moderated roundtable, panel discussions, and structured breakouts, we:
- Discussed the risks associated with the consumerization of technology and the prominence of social media.
- Explored the human issues in information risk.
- Examined how behavioral science can be used to reduce risk.
- Shared experiences with employee education.
- Discussed the role of incentives in improving security hygiene.
- Looked for opportunities to reduce risk through public/private dialog and partnership.
- Considered the challenges of mitigating behavior risks from the workforce of outsourced vendors and partners.
- Anticipated if/how behaviors need to change when using cloud services.
- Discussed the impact of Gen Y in the workplace.
- Discussed the impact of role-based security on behaviors and risk.
Workshop Advisory Council
- Brad Boston, SVP, Global Government Solutions and Corporate Security Programs, Cisco Systems
- Josef Nelissen, CISO, ABB
- Martin Petry, CIO, Hilti
- Marc-André Schenk, Assistant VP, Group Information Security, Nestlé
The CISO workshop has an established track record of bringing security leaders to the table to engage in a peer-learning dialog. Participants are responsible for security within their organizations—not vendors or security consultants, though we may invite some public policy-maker participation in order to be able to inform future regulation. The event has no spectators—all participants are invited to engage in the discussion. A fully vetted article of key learnings will be created, enabling participants to share the dialogue and outcomes within their organizations. The number of participants is limited to 25 to ensure intensive discussions and focus group intimacy. The workshop will be organized by the Center for Digital Strategies at the Tuck School of Business at Dartmouth in collaboration with the Institute of Information Management at the University of St. Gallen.
We were pleased to welcome executives from the following companies to the workshop:
Special thanks for support and sponsorship of this event go to Cisco Systems, Deloitte and TUV Rheinland.
Inside Supply Management
ISM highlights the Center's focus on the human elements of information security.