Human Behavior and Security Culture - America
CISO Workshops • Tuck Campus • Hanover, NH • USA • July 20, 2011
Corporations and governments alike are faced with staggering risks from members of their own organization. Whether willful or inadvertent, human-induced leaks fueled by mass distribution through organizations like WikiLeaks can create breathtaking exposure. While the risks are not new, the targeted threats towards individuals are increasing with ever more sophisticated deceptions. Likewise, the consumerization of technology has added new challenges in controlling leaks from malicious insiders. Once leaked, information can be globally distributed through highly visible activists, monetized through criminal syndicates, or leveraged by unethical competitors. In this workshop, CISOs/directors of information security discussed how companies are managing the human element of security. Using a moderated roundtable, panel discussions, and structured breakouts, we:
- Discussed the risks associated with the consumerization of technology and the prominence of social media.
- Explored the human issues in information risk.
- Examined how behavioral science can be used to reduce risk.
- Shared experiences with employee education.
- Discussed the role of incentives in improving security hygiene.
- Looked for opportunities to reduce risk through public/private dialog and partnership.
- Considered the challenges of mitigating behavior risks from the workforce of outsourced vendors and partners.
- Anticipated if/how behaviors need to change when using cloud services.
- Discussed the impact of Gen Y in the workplace.
- Discussed the impact of role-based security on behaviors and risk.
Workshop Executive Advisory Council:
- Eric Cowperthwaite, System Director, Enterprise Risk Management Services & CISO, Providence Health & Service
- Ann Halford, VP of World Wide Security, Staples
- John Stewart, VP, Chief Security Officer, Cisco Systems Inc.
- Phil Venables, Managing Director, Chief Information Risk Officer, Goldman Sachs
We welcomed executives from the following companies to the workshop:
John Stewart, VP and Chief Security Officer, Cisco Systems
Hear John discuss why workshops like this are vital to Info Executives.
Inside Supply Management
ISM highlights the Center's focus on the human elements of information security.