THE WAY TO INSTIL A SECURITY-AWARE CULTURE IN YOUR BUSINESS
eRiskology™
get in their heads.
•A 3-year, organic programmeapplying simple, intuitive, personal multi-media messaging through 4 harmonised“pathways”.
•Pathways are designed to measure existing and changing awareness states through the capture of key performance indicators collected to confirm & measure cultural change.
•Behaviour changes are also verified through live social engineering tests conducted against the staff to produce, what we have called, a calculated InfoSec Quotient (I.Q) rating for your business.
•eRiskology™ will not only get in their heads – it will prove its in their heads. Other security awareness solutions don’t come close to this achievement.
THE eRISKOLOGY SECURITY AWARENESS PROGRAMME
eRiskology™
INSPIRE EMPOWER MEASUREENGAGE
COMBINES 4 LEARNING PATHWAYS
eRiskology™
INSPIREInspire them through meaningful, thought-provoking and collaborative onsiteworkshops given to your staff by seasoned information security risk trainers.
Stimulate your staff’s notions on cyber security by questioning their ideas ofprivacy, highlighting their extreme reliance on technology and challenging anyassumptions they may have that the devices they depend upon daily areinherently secure.
The first step to solving a problem is recognising there isone.
eRiskologyINSPIRE EMPOWER MEASUREENGAGE
eRiskology ISA COURSE
Deliver real-world scenarios that staff can relate and connect with in their everyday lives
INSPIRE EMPOWER MEASUREENGAGE
FACE-TO-FACE WORKSHOPS
EMPOWEREmpower them by providing focused, interactive, multi-media eLearning oncritically fundamental information security topics such as: “What is it?”, “Whydoes it matter?”, “What does good security look like?”, “How does hackingwork?” and “What should I do now?”.
Light, interesting and jargon-free course content that takes around 45 minutesto complete. It’s followed by a test to confirm that their understandingempowers them to act.
Knowledge is power and interest pulls the switch.
eRiskology
get in their heads.
INSPIRE EMPOWER MEASUREENGAGE
eRiskology ISA COURSE
Interactive courses are presented by a subject matter expert who presents current methodologies & best defenses
INSPIRE EMPOWER MEASUREENGAGE
INTERESTING & NARRATED eLEARNING
eRiskology ISA COURSE
MODULE 1: What is it?Following this module, users should be able to correctly confirm:
• The definition of information security
• The objective of information security (to ensure the “Confidentiality”, “Availability” and “Integrity” of the information)
• All information security is based on the fundamental principle of “need to know”.
• Information must be protected from both intentional (theft) and unintentional (accidental) loss
• Information security requires the implementation of security “controls”.
• Effective information security requires controls be implemented for people, process and technology.
• Because technology changes constantly – do the threats to information.
MODULE 2: Why does it matter?
MODULE 3: What does good security look like?
MODULE 4: How does hacking work?
MODULE 5: What should I do?
TEST MODULE: What have I learned?
MODULE 1: What is it?
MODULES
INSPIRE EMPOWER MEASUREENGAGE
ISA eLEARNING COURSE MODULE 1 OVERVIEW
ENGAGEEngage them through a consistent flow (monthly) of current, relevant andfascinating information that they can use in both their personal andprofessional lives. Short videos, podcasts, infographics, bulletins and alertsensure they stay engaged.
Feeding staff a steady diet of current examples, trends, threats and bestpractice will nourish and strengthen the messages they received in workshopsand online training and increase the chances they will change their behaviour.
Repetition is the mother of learning and the father ofaction, which makes it the DNA of change.
eRiskology
get in their heads.
INSPIRE EMPOWER MEASUREENGAGE
INFOGRAPHICS DAILY ALERTS MONTHLY BULLETINS
INSPIRE EMPOWER MEASUREENGAGE
CONTINUAL AND MEANINGFUL CONTENT DELIVERED THROUGH ENGAGING MEDIA
VIDEOS PODCASTSCONTESTSWEBINARS
MEASUREMeasure them by collecting metrics at each of the previous stages through surveys, tests and quizzes and then conducting a series of social engineering tests annually, designed to confirm if they assimilated the information, increased their awareness and changed their behaviour.
Program metrics recorded in the first year can then be used as benchmark to document behavioural changes attained yearly thereafter.
If you can’t measure it, you can’t improve it.
INSPIRE EMPOWER MEASUREENGAGE
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12
INSPIRE
EMPOWER
ENGAGE
MEASURE
36 MONTHS – THE JOURNEYPATHWAYS
InfoSec Quotient (metric) capture
THE THREE YEAR PROGRAMME TRACKS BEHAVIOURAL CHANGE
INSPIRE EMPOWER MEASUREENGAGEYear
2
Year
1
Year
3
•Based on key performance indicators captured from your staff over 36 months.
•Annual metrics are used to tweak program content in the following year to ensure understanding and raise awareness levels.
•Measuring their growing appreciation, awareness and practice of information security.
•See quantifiable progress over the full programme period.
INSPIRE EMPOWER MEASUREENGAGE
EACH YEAR YOUR BUSINESS WILL BE ASSIGNED AN INFOSEC (I.Q.)
InfoSec Quotient (I.Q) rating
53
PHISHING
Specific testing activities will be discussed and agreed prior to our engagement, but as a baseline, eRiskology™ typically conducts the following social engineering tests
for purposes of collecting the cited KPIs:
TELEPHONE PRE-TEXTING
INSPIRE EMPOWER MEASUREENGAGE
SOCIAL ENGINEERING IS CONDUCTED TO MEASURE BEHAVIOURAL CHANGE
eRiskology™
4 PATHWAYS THATINSTIL AND NURTURE A SECURITY-AWARE
CULTURE IN YOUR BUSINESS — GUARANTEED
INSPIRE EMPOWER MEASUREENGAGE
get in their heads.
eRiskology™
GET IN THEIR HEADS AND BEGIN TO TRANSFORM YOUR BUSINESS TODAY