Instilling Cyber Hygiene: Creating a Culture of Cyber Resilience Among Your Users

THIS EVENT HAS BEEN CANCELED

This event qualifies for 3 CPEs

Cyber security policies have an avowed goal of improving cyber hygiene in the workforce. But outside of recommending a few best practices, such as asking people to use complex passwords, few government or private sector entities know what actions ensure cyber hygiene. The most widely applied solution remains security awareness training involving simulated phishing attacks in conjunction with some education to assess user readiness. But there is little clarity on how to best create a security awareness campaign, how to craft appropriate phishing simulations, and how to ensure that a phishing test creates cyber hygiene.

Getting this right is not just important, it is critical because the data from such tests are used as indicators in programs such as the DHS’s Continuous Diagnostics and Monitoring and by organizations the world over to define their cyber posture. Recent work from researchers at NIST on the Phish Scale have further underscored the need for an evidence-driven approach for designing phishing simulations. The same is the case with cyber hygiene, where without metrics or guidance, IT managers have been left to reinvent the proverbial wheel for crafting policies and practices.

This workshop provides the missing pieces—teaching managers how to build an effective, evidence-based security training and cyber hygiene program. Using a combination of lectures and case studies, the workshop will:

Cover the fundamentals of cyber hygiene, and provide an understanding of what user hygiene entails and what it does not.
Provide a roadmap for the creation of an effective, data-driven phishing awareness program providing actionable and valid information about user resilience.
Provide the tools and techniques for creating an evidence-based cyber hygiene program.
Arm participants with the working knowledge necessary for building a culture of cyber hygiene within your organization.

Attendees will receive a Certificate of Completion as a result of their seminar participation.

Speaker and Presenter Information

Arun Vishwanath, PhD, MBA, Chief Technologist, Avant Research Group, LLC; Alumni, Berkman Klein Center, Harvard University

Dr. Vishwanath studies the “people problem” of cyber security. His research focuses on improving individual, organizational, and national resilience to cyber attacks by focusing on the weakest links in cyber security— users. His interests are in understanding why people fall prey to social engineering attacks and on ways organizations can harness this understanding to secure cyber space. Dr. Vishwanath also examines how various groups–-criminal syndicates, terrorist networks, hacktivists–-utilize cyber space to commit crime, spread mis-information, recruit operatives, and radicalize others.

He is an alumnus of the Berkman Klein Center at Harvard University and served on a distinguished expert panel for the NSA’s Science of Security & Privacy directorate. In addition to being presented to the principals of national security and law enforcement agencies around the world, his research has been featured on CNN , The Washington Post, Wired, USA Today, Politico, and other national and international news outlets. He also was a Keynote Speaker at DGI’s 7th annual Cyber @930gov and 2018 Cyber Conference.