Practical Security Awareness - Lessons Learnt and Best Practices

Presented at DeepSec 2019 „Internet of Facts and Fears“, Unknown date/time (Unknown duration).

This talk will show lessons learnt from awareness campaigns I ran in several organisations. The focus lies on the instructional design of staff training to motivate the staff, enable them to work with complexity and helping them to transfer the new knowledge to their job. Some practical examples with regards to teaching password rules will be shown.

Presenters:

  • Stefan Schumacher - Magdeburger Institut für Sicherheitsforschung
    Stefan Schumacher is the president of the Magdeburg Institute for Security Research and editor of the Magdeburg Journal for Security Research in Magdeburg/Germany. He started his hacking career before the fall of the Berlin Wall, on a small East German computer with 1.75 MHz and a Datasette drive. Ever since, he liked to explore technical and social systems, with a focus on security and how to exploit them. He was a NetBSD developer for some years and involved in several other Open Source projects and events. He studied Educational Science and Psychology, has done a lot of unique research about the Psychology of Security with a focus on Social Engineering, User Training and Didactics of Security/Cryptography. Currently he's leading the research project Psychology of Security,focusing on fundamental qualitative and quantitative research about the perception and construction of security. He presents the results of his research regularly at international conferences like AusCert Australia, Chaos Communication Congress, Chaos Communciation Camp, DeepSec, DeepIntel, Positive Hack Days Moscow or LinuxDays Luxembourg and in security related journals and books.

Links:

Similar Presentations: