Finance Reflection


In the report "Human-Centred Security: Positively Influencing Security Behavior," ISF recommends organizations not only overhaul their security training programs, but also fundamentally change the role training plays in prodding employees to make consistently secure choices both in the digital and physical world. Central to that is taking up the mantle of secure behavior by design.

The concepts of "safe by design" or "secure by design" are well-established psychological enablers of behavior. For example, regulators and technical architects across the automobile and airline industries prioritize safety above all else.

"This has to emanate across the entire ecosystem, from the seatbelts in vehicles, to traffic lights, to stringent exams for drivers," says Daniel Norman, senior solutions analyst for ISF and author of the report. "This ecosystem is designed in a way where an individual's ability to behave insecurely is reduced, and if an unsafe behavior is performed, then the impacts are minimized by robust controls."

As he explains, these principles of security by design can translate to cybersecurity in a number of ways, including how applications, tools, policies, and procedures are all designed. The goal is to provide every employee role "with an easy, efficient route toward good behavior."

This means sometimes changing the physical office environment or the digital user interface (UI) environment. For example, security by design to reduce phishing susceptibility might include implementing easy-to-use phishing reporting buttons within employee email clients. Similarly, it might mean creating colorful pop-ups in email platforms to remind users not to send confidential information.

"As a starting point, an individual will always choose to be productive in their current role over behaving securely.