Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Lemming Aid and Kool Aid: Helping the
Community to help itself through Education
David.Harley (@eset.com)
Sebastian.Bortni...
‘Education is the most
important weapon in the
security professional's armoury’
‘If education was ever
going to work, it w...
A brief history of security education
First seen
1991
‘to raise community awareness to confidentiality
and possible legal requirements in treatment
of sensitive...
First seen
2000’s
‘The central goal of any security awareness
program is to influence people to change
their behavior and ...
Channels of information (and misinformation)
Several channel to raise awareness..
• Books
• Blogging
• Social media
• Discussion forums
• Academic and governmental ini...
A few initiatives
• PCI Security Standard Council
• Best Practices for Implementing
a Security Awareness Program
A few initiatives
• Cyber Street https://www.cyberstreetwise.com/
A few initiatives
• Securing Our eCity http://www.securingourecity.org/
A few initiatives
• European Computer Driving Licence
A few initiatives
• European Computer Driving Licence
A few initiatives
• European Computer Driving Licence
Ethics, marketing, and information
Main problems
[ETHICS]
SALESMAN
[MARKETING]
Is there a right way for raise awareness from an Information
Security Company?
FUD (Fear, uncertainty and doubt)
Our limited role 
We can reach our customers… and a bunch of other people
• Access to educational material built into a software package
• I...
We are not the solution, we are just part of it.
Conclusion
 … that awareness works, that users can learn how to protect themselves
from cyber threats.
 … that we can raise awarene...
 … that it is too early to think that awareness does not work.
 … that we are raising awareness in quite a good way.
 …...
If you believe that, do not waste your time
discussing whether it works.

Thank You
David.Harley (@eset.com)
Sebastian.Bortnik(@eset.com)
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Itself Through Education
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Itself Through Education
AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Itself Through Education
Nächste SlideShare
Wird geladen in …5
×

AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Itself Through Education

6.550 Aufrufe

Veröffentlicht am

Presentation by ESET experts David Harley and Sebastian Bortnik about the importance of security education.

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

AVAR Sydney 2014: Lemming Aid and Kool Aid: Helping the Community to Help Itself Through Education

  1. 1. Lemming Aid and Kool Aid: Helping the Community to help itself through Education David.Harley (@eset.com) Sebastian.Bortnik(@eset.com)
  2. 2. ‘Education is the most important weapon in the security professional's armoury’ ‘If education was ever going to work, it would have done so by now’
  3. 3. A brief history of security education
  4. 4. First seen 1991 ‘to raise community awareness to confidentiality and possible legal requirements in treatment of sensitive University information’.
  5. 5. First seen 2000’s ‘The central goal of any security awareness program is to influence people to change their behavior and attitudes’ ‘A strong IT security program can not be put in place without significant attention given to training users on agency IT security'.
  6. 6. Channels of information (and misinformation)
  7. 7. Several channel to raise awareness.. • Books • Blogging • Social media • Discussion forums • Academic and governmental initiatives • Private initiatives (from organization to its employees) • Inter-organizational community projects • CERTs, CIRTs, WARPs • Educational and informational coalitions
  8. 8. A few initiatives • PCI Security Standard Council • Best Practices for Implementing a Security Awareness Program
  9. 9. A few initiatives • Cyber Street https://www.cyberstreetwise.com/
  10. 10. A few initiatives • Securing Our eCity http://www.securingourecity.org/
  11. 11. A few initiatives • European Computer Driving Licence
  12. 12. A few initiatives • European Computer Driving Licence
  13. 13. A few initiatives • European Computer Driving Licence
  14. 14. Ethics, marketing, and information
  15. 15. Main problems [ETHICS] SALESMAN [MARKETING]
  16. 16. Is there a right way for raise awareness from an Information Security Company? FUD (Fear, uncertainty and doubt)
  17. 17. Our limited role 
  18. 18. We can reach our customers… and a bunch of other people • Access to educational material built into a software package • Informational apps for mobile devices • ‘Tips’ web sites and blogs • Discussion forums • Consumer-oriented informational newsletters • Podcasts, videos and so on • Sponsored books
  19. 19. We are not the solution, we are just part of it.
  20. 20. Conclusion
  21. 21.  … that awareness works, that users can learn how to protect themselves from cyber threats.  … that we can raise awareness from an Information Security company…  … but we should be careful on how we do it.  … that the problem is not how good we are but who are we reaching with our initiatives.  … that it is not possible to reach the masses without other society actors like the government.  … that we ‘must start ethical computer education at a much earlier age. We strongly believe…
  22. 22.  … that it is too early to think that awareness does not work.  … that we are raising awareness in quite a good way.  … that we can do it better. We strongly believe…
  23. 23. If you believe that, do not waste your time discussing whether it works. 
  24. 24. Thank You David.Harley (@eset.com) Sebastian.Bortnik(@eset.com)

×