Employees don’t care at all about information security. Why? Because we, the information security professionals, have completely misunderstood how people make decisions and have ignored the recent strides psychology has made in understanding how to motivate people. We are stuck in the mindset that says, “If we can show employees the facts, then they will believe.” What we failed to see is that what people believe determines what facts they accept. We tend to focus on "what" and "how." Our employees only care about "why." We can’t win the cyber arms race with technology alone. What we can win is the hearts and minds of our employees. And THAT is the key to keeping our data safe in the days ahead.
Understand how people make decisions.
Communicate security ideas in motivating ways.
Develop a framework for effective security awareness training.
Director of Information Security,
George Washington University MFA