Embed Size (px)
Citation preview
THE WAY TO INSTIL A SECURITY-AWARE
CULTURE IN YOUR BUSINESS
eRiskology™
get in their heads.
THE WAY TO INSTIL
A SECURITY-AWARE CULTURE IN YOUR BUSINESS
•A 3-year, organic program applyingsimple, intuitive, personal multi-mediamessaging through 4 harmonised“pathways”.
•Pathways are designed to measureexisting and changing awareness statesthrough the capture of key performanceindicators collected to confirm &measure cultural change.
•Behaviour changes are also verifiedthrough live social engineering testsconducted against the staff to produce,what we have called, a calculated InfoSecQuotient (IQ) rating for your business.
•eRiskology™ will not only get in theirheads – it will prove its in their heads.Other security awareness solutions don’tcome close to this achievement.
eRiskology
get in their heads.
INSPIREInspire them through meaningful, thought-provoking and collaborative onsiteworkshops given to your staff by seasoned information security risk trainers.
Stimulate your staff’s notions on cyber security by questioning their ideas ofprivacy, highlighting their extreme reliance on technology and challenging anyassumptions they may have that the devices they depend upon daily areinherently secure.
The first step to solving a problem is recognising there isone.
eRiskology
get in their heads.
EMPOWEREmpower them by providing focused, interactive, multi-media eLearning oncritically fundamental information security topics such as: “What is it?”, “Whydoes it matter?”, “What does good security look like?”, “How does hackingwork?” and “What should I do now?”.
Light, interesting and jargon-free course content that takes around 45 minutesto complete. It’s followed by a test to confirm that their understandingempowers them to act.
Knowledge is power and interest pulls the switch.
eRiskology
get in their heads.
ENGAGEEngage them through a consistent flow (monthly) of current, relevant andfascinating information that they can use in both their personal andprofessional lives. Short videos, podcasts, infographics, bulletins and alertsensure they stay engaged.
Feeding staff a steady diet of current examples, trends, threats and bestpractice will nourish and strengthen the messages they received in workshopsand online training and increase the chances they will change their behaviour.
Repetition is the mother of learning and the father ofaction, which makes it the DNA of change.
eRiskology
get in their heads.
MEASUREMeasure them by collecting metrics at each of the previous stages throughsurveys, tests and quizzes and then conducting a series of social engineeringtests annually, designed to confirm if they assimilated the information,increased their awareness and have changed their behaviour.
Program metrics recorded in the first year can then be used as a benchmarkto document behavioural changes attained yearly thereafter.
If you can’t measure it, you can’t improve it.
eRiskology
get in their heads.
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12
INSPIRE
EMPOWER
ENGAGE
MEASURE
PATHWAYS
InfoSec Quotient (metric) capture
36 MONTHS – THE JOURNEY
CLICK ON THE ICONS TO DISCOVER PROGRAMME COMPONENTS.
Year 1 Year 2 Year 344 73 96
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12
INSPIRE
EMPOWER
ENGAGE
MEASURE
PATHWAYS
InfoSec Quotient (metric) capture
36 MONTHS – THE JOURNEY
CLICK ON THE ICONS TO DISCOVER PROGRAMME COMPONENTS.
Year 1 Year 2 Year 344 73 96
InfoSec Quotient CaptureEach red dot on the timeline graphic represents a point where a KPI
or metric is captured. This is fed into the annual infoSec quotient and
would demonstrate continuous improvement.
Each year your business will
be assigned an InfoSec Quotient (I.Q)
•Based on key performance indicators captured from your staff over 36 months.
•Annual metrics are used to tweak program content in the following year to ensure understanding and raise awareness levels.
•Measuring their growing appreciation, awareness and practice of information security.
•See quantifiable progress over the full program period.
eRiskology
InfoSec Quotient (I.Q) rating
53
eRiskology™
This is to certify that ACMI Corp has achieved an annual Information Security Awareness rating of:
53
Date Signature
get in their heads.
eRiskology
I.Q. InfoSec Quotient Certificate
Issued annually
Social Engineering testing, surveys andquiz result metrics are gatheredannually and correlated.
Your company is then issued with anAnnual Information Security Awarenesscertificate with I.Q. rating stated.
Gauge your progress over the 3 yearprogramme to ensure that it’s not onlygetting in their heads, it’s staying intheir heads.
eRiskology™
Date Signature
get in their heads.
CERTIFICATE OF COMPLETION
This is to certify that Joseph Bloggs has successfully completed
Information Security Awareness eLearning
eLearning Certificate of
Completion
Once a participant has successfullycompleted an eLearning course they areissued with a certificate of completion.
This certificate goes towards yourcompany’s metrics for it’s annual I.Qrating and also meets your trainingcompliance requirements whererelevant.
We appreciate you taking the time to view this presentationPlease contact us if you have any questions
eRiskology ™ is powered by Risk Crewa wholly owned subsidiary of Risk Factory Ltd
5 Maltings Place, 169 Tower Bridge Road, London SE1 3JB
Contact: [email protected]
Call: +44(0) 20 3653 1234
www.riskcrew.com
