Why Don’t They Do as They’re Told? Wendy Goucher
Special Note: This deck appears as presented at the Malta Chapter conference (with pictures protected). This means there are no notes or explanations. If you want to ask me to explain something then please do drop me an Email to wendy@goucher.co.uk and I will try to explain myself in a slightly more helpful way. Special thanks to everyone for making us feel so welcome.
Because they’re Stupid? • “People are the Weakest Link in Information Security” • Weakness needs considered handling and exercise
The Challenge of Mobile Device Security • Just telling them doesn’t work. • Rewards and Punishments are ineffective in the medium term. • They are going to be out of your reach.
Internalisation • Understand the risk • Believe in the risk • Trust the solution • Believe in their implementation
Building Intentions WendyGoucher’s work. Please respect my IPR
The Road of Good Intentions (diagram labels) • Gulf of Execution • Motivation • Deterrent • Secure Behaviour • Conversion • Behavioural Intention • Abandoned intention • Insecure or lack of secure behaviour
GoE (diagram labels) • Motivators • Deterrents • External Source • Management • Positive Re-enforcement • Lack of trust in source expertise • Visible Monitoring • Lack of Expertise • Employee Participation • Resource Scarcity • Inappropriate Training • Feedback channel • Elapsed Time since last performed • Internal Source • Self Efficacy • Commitment • Habit • Implementation intention • Lack of Commitment • Response Cost • Autonomy • Tension between task and security • Work Pressure
Make it Meaningful • Most people care more about Personal Risk than Corporate Risk • Use That Knowledge
Why don’t they do as they’re told? • Because they don’t believe or understand the risks. • Because they don’t think the risks are significant. • Because they find the controls get in the way of their work. • Because they don’t think the effort is worth it.
Hints and Tips • Communicate the Risk • Make their effort meaningful • Operational Compatibility • Make controls and guidance a matter of principle rather than specifics
Any Questions? • wendy@goucher.co.uk