© Goucher Consulting Ltd, 2014
Why Don’t They Do as They’re Told?
Wendy Goucher
Special Note
This deck appears as presented at the Malta Chapter conference (with pictures protected).
This means there are no notes or explanations. If you want to ask me to explain something then please do drop me an Email to [email protected]. I will try to explain myself in a slightly more helpful way.
Special thanks to everyone for making us feel so welcome
Mobile Working
Risk
Why?
Why?
Because they’re Stupid?
“People are the Weakest Link in Information Security”
Weakness needs considered handling and exercise
The Challenge of Mobile Device Security
• Just telling them doesn’t work.
• Rewards and Punishments are ineffective in the medium term.
• They are going to be out of your reach.
Internalisation
• Understand the risk
• Believe in the risk
• Trust the solution
• Believe in their implementation
Building Intentions
Wendy Goucher’s work. Please respect my IPR
The Road of Good Intentions
[Diagram. Labels: Behavioural Intention; Gulf of Execution; Insecure or lack of secure behaviour; Secure Behaviour; Abandoned intention; Conversion; Motivation; Deterrent]
[Diagram. Headings: Deterrents; Motivators; Internal Source; External Source; GoE. Labels: Management; Lack of trust in source expertise; Inappropriate Training; Lack of Commitment; Elapsed Time since last performed; Lack of Expertise; Response Cost; Autonomy; Visible Monitoring; Commitment Habit; Feedback channel; Positive Re-enforcement; Employee Participation; Response Cost; Self Efficacy; Tension between task and security; Work Pressure; Resource Scarcity; Implementation intention]
Make it Meaningful
Most people care more about Personal Risk than Corporate Risk
Use That Knowledge
Why don’t they do as they’re told?
• Because they don’t believe or understand the risks.
• Because they don’t think the risks are significant.
• Because they find the controls get in the way of their work.
• Because they don’t think the effort is worth it.
Hints and Tips
• Communicate the Risk
• Make their effort meaningful
• Operational Compatibility
• Make controls and guidance a matter of principle rather than specifics
Operational Compatibility