Security Awareness Design in the New Normal Age

People working in our cyber world have access to a wide range of information including sensitive personal or corporate information which increases the risk to it. One of the aspects of the protection of this data is to train the user to behave more securely. This means that every person who handles sensitive information, their own or that of other people, be aware of the risks that their use can pose as well as how to do their job in such a way as to reduce that risk.

The approach we use for that is called 'Security awareness' but would be more accurately described as security 'un-awareness' because most of the problems come where the user doesn't know about a risk from their behaviour, or its potential impact. In these post COVID days of 'New Normal' working, in which staff spend more of their time working at home, organisations are still responsible for the protection of sensitive personal and corporate data. This means that it is more important than ever to create an effective security awareness communication process.

This book will primarily consider the problem of hitting that 'Sweet Spot' in the age of 'New Normal' working, which means that the knowledge about secure practice is not only understood and remembered, but also reliably put into practice - even when a person is working alone. This will be informed by academic research as well as experience, both my own and learnt from my fellow professionals, and then will be used to demonstrate how 'New Normal' working can improve security awareness as well as challenge it.

在我們的網絡世界中工作的人們可以獲得各種信息，包括敏感的個人或企業信息，這增加了風險。保護這些數據的一個方面是培訓用戶更安全地行為。這意味著每個處理敏感信息的人，無論是自己的還是他人的，都要意識到他們的使用可能帶來的風險，以及如何以減少風險的方式工作。

我們用於此的方法被稱為“安全意識”，但更準確地說應該稱為安全“無意識”，因為大多數問題出現在用戶不知道自己的行為存在風險或其潛在影響的情況下。在這個“新常態”工作的COVID後的日子裡，員工在家工作的時間更長，組織仍然負責保護敏感的個人和企業數據。這意味著現在比以往任何時候都更重要創建一個有效的安全意識傳播過程。

本書將主要考慮在“新常態”工作時代達到“甜蜜點”的問題，這意味著對安全實踐的知識不僅被理解和記住，而且可靠地付諸實踐 - 即使一個人獨自工作。這將以學術研究和經驗為基礎，包括我自己的經驗以及從同行專業人士那裡學到的經驗，並將用於展示“新常態”工作如何改善安全意識以及挑戰它。

Wendy Goucher is an Information Security and Risk Consultant at Goucher Consulting. Most of her work is focused on working with organisations to devise policy and procedures that are both compliant with external rules and operationally effective. Wendy has also designed and delivered security awareness programs and material in a range of organisations including a FTSE 100 organisation. She also used her training and experience as a lecturer as part of a team that produced the teaching materials for a security awareness curriculum to be rolled out to children ages 5 to 18 in a middle eastern country. More recently Wendy is the author of the successful 'Nettie in Cyberland' series of books which use stories to start the conversation about cyber security between children around the age of five and their parents and carers. Her other books include Information Security Auditor: Careers in Information Security (BCS Guides to IT Roles) 2015 and has co-authored The CIO's Guide to Information Security Incident Management in 2018.

Wendy Goucher是Goucher Consulting的資訊安全和風險顧問。她的大部分工作都集中在與組織合作制定符合外部規則且在操作上有效的政策和程序。Wendy還設計並提供安全意識計劃和材料，涵蓋了包括一家FTSE 100公司在內的多個組織。她還利用自己作為講師的培訓和經驗，與團隊一起為一個中東國家的5至18歲兒童開發了安全意識課程的教材。最近，Wendy還是成功的《Nettie in Cyberland》系列書籍的作者，這些書籍通過故事的方式開始了五歲左右的兒童與父母和照顧者之間關於網絡安全的對話。她的其他著作包括2015年的《Information Security Auditor: Careers in Information Security (BCS Guides to IT Roles)》以及2018年合著的《The CIO's Guide to Information Security Incident Management》。