{"product_id":"transformational-security-awareness-isbn-9781119566342","title":"Transformational Security Awareness","description":"\u003cp\u003e\u003cb\u003eExpert guidance on the art and science of driving secure behaviors\u003c\/b\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003ci\u003eTransformational Security Awareness\u003c\/i\u003e empowers security leaders with the information and resources they need to assemble and deliver effective world-class security awareness programs that drive secure behaviors and culture change. \u003c\/p\u003e \u003cp\u003eWhen all other processes, controls, and technologies fail, humans are your last line of defense. But, how can you prepare them? Frustrated with ineffective training paradigms, most security leaders know that there must be a better way. A way that engages users, shapes behaviors, and fosters an organizational culture that encourages and reinforces security-related values. The good news is that there is hope. That’s what \u003ci\u003eTransformational Security Awareness\u003c\/i\u003e is all about.\u003c\/p\u003e \u003cp\u003e Author Perry Carpenter weaves together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling to create a multidisciplinary masterpiece that transcends traditional security education and sets you on the path to make a lasting impact in your organization.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eFind out what you need to know about marketing, communication, behavior science, and culture management\u003c\/li\u003e \u003cli\u003eOvercome the \u003ci\u003eknowledge-intention-behavior gap\u003c\/i\u003e\n\u003c\/li\u003e \u003cli\u003eOptimize your program to work with the realities of human nature\u003c\/li\u003e \u003cli\u003eUse simulations, games, surveys, and leverage new trends like escape rooms to teach security awareness\u003c\/li\u003e \u003cli\u003ePut effective training together into a well-crafted campaign with ambassadors\u003c\/li\u003e \u003cli\u003eUnderstand the keys to sustained success and ongoing culture change\u003c\/li\u003e \u003cli\u003eMeasure your success and establish continuous improvements\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eDo you care more about what your employees \u003ci\u003eknow\u003c\/i\u003e or what they \u003ci\u003edo\u003c\/i\u003e? It's time to transform the way we think about security awareness. If your organization is stuck in a security awareness rut, using the same ineffective strategies, materials, and information that might check a compliance box but still leaves your organization wide open to phishing, social engineering, and security-related employee mistakes and oversights, then you NEED this book.\u003c\/p\u003e \u003cp\u003eForeword xxi\u003c\/p\u003e \u003cp\u003eIntroduction xxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eI The Case for Transformation 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 \u003c\/b\u003e\u003cb\u003eYou Know Why 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHumans Are the Last Line of Defense 4\u003c\/p\u003e \u003cp\u003eData Breaches Tell the Story 6\u003c\/p\u003e \u003cp\u003eAuditors and Regulators Recognize the Need for Security Awareness Training 11\u003c\/p\u003e \u003cp\u003eTraditional Security Awareness Program Methods Fall Short of Their Goals 14\u003c\/p\u003e \u003cp\u003eKey Takeaways 16\u003c\/p\u003e \u003cp\u003eReferences 17\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 \u003c\/b\u003e\u003cb\u003eChoosing a Transformational Approach 19\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eYour “Why” Determines Your “What” 20\u003c\/p\u003e \u003cp\u003eDown the Rabbit Hole 21\u003c\/p\u003e \u003cp\u003eOutlining the Key Components and Tools of a Transformational Program 24\u003c\/p\u003e \u003cp\u003eA Map of What’s to Come 28\u003c\/p\u003e \u003cp\u003ePart 1 in a Nutshell 30\u003c\/p\u003e \u003cp\u003ePart 2 in a Nutshell 30\u003c\/p\u003e \u003cp\u003ePart 3 in a Nutshell 31\u003c\/p\u003e \u003cp\u003eKey Takeaways 32\u003c\/p\u003e \u003cp\u003eNotes and References 32\u003c\/p\u003e \u003cp\u003e\u003cb\u003eII The Tools of Transformation 35\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 \u003c\/b\u003e\u003cb\u003eMarketing and Communications 101 for Security Awareness Leaders 37\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Communications Conundrum 38\u003c\/p\u003e \u003cp\u003eThe Marketing Connection 40\u003c\/p\u003e \u003cp\u003eDefining Marketing 44\u003c\/p\u003e \u003cp\u003eEmbedding Your Messages 53\u003c\/p\u003e \u003cp\u003eGet the Right Message to the Right Person at the Right Time 70\u003c\/p\u003e \u003cp\u003eCampaigns: If You Aren’t Reinforcing, Your Audience Is Forgetting 76\u003c\/p\u003e \u003cp\u003eTracking Results and Measuring Effectiveness 76\u003c\/p\u003e \u003cp\u003eKnow When to Ask for Help 77\u003c\/p\u003e \u003cp\u003eKey Takeaways 78\u003c\/p\u003e \u003cp\u003eNotes and References 78\u003c\/p\u003e \u003cp\u003eAdditional Reading 81\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 \u003c\/b\u003e\u003cb\u003eBehavior Management 101 for Security Awareness Leaders 83\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eYour Users Aren’t Stupid, They’re Human 85\u003c\/p\u003e \u003cp\u003eThinking, Fast and Slow 87\u003c\/p\u003e \u003cp\u003eSystem 1 Thinking 88\u003c\/p\u003e \u003cp\u003eSystem 2 Thinking 91\u003c\/p\u003e \u003cp\u003eWorking with Human Nature Rather Than Against 93\u003c\/p\u003e \u003cp\u003eThe Nuts and Bolts of Shaping Behavior 96\u003c\/p\u003e \u003cp\u003eThe Fogg Behavior Model 97\u003c\/p\u003e \u003cp\u003eThe Problem with Motivation 103\u003c\/p\u003e \u003cp\u003e\u003ci\u003eNudge \u003c\/i\u003eThem in the Right Direction 103\u003c\/p\u003e \u003cp\u003eFrames: Why Context Is Everything 109\u003c\/p\u003e \u003cp\u003eDesigning and Debugging Behavior 117\u003c\/p\u003e \u003cp\u003eBeing Intentional with Target Groups 117\u003c\/p\u003e \u003cp\u003eDebugging Behaviors 118\u003c\/p\u003e \u003cp\u003eDesign “Power Prompts” Wherever Possible 122\u003c\/p\u003e \u003cp\u003ePassword Management Example, Continued 123\u003c\/p\u003e \u003cp\u003eHabits Make Hard Things Easier to Do 130\u003c\/p\u003e \u003cp\u003eThinking About Guardrails 132\u003c\/p\u003e \u003cp\u003eTracking Results and Measuring Effectiveness 133\u003c\/p\u003e \u003cp\u003eKey Takeaways 134\u003c\/p\u003e \u003cp\u003eNotes and References 135\u003c\/p\u003e \u003cp\u003eAdditional Reading 137\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 \u003c\/b\u003e\u003cb\u003eCulture Management 101 for Security Awareness Leaders 141 \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Culture is Part of Your Larger Organizational Culture 144\u003c\/p\u003e \u003cp\u003eGetting Started 147\u003c\/p\u003e \u003cp\u003eUnderstanding Your Culture’s Status Quo 149\u003c\/p\u003e \u003cp\u003eGo Viral: Unleash the Power of Culture Carriers 156\u003c\/p\u003e \u003cp\u003eCultures in (Potential) Conflict: Remember Global and Social Dynamics 164\u003c\/p\u003e \u003cp\u003eCultural Forces 165\u003c\/p\u003e \u003cp\u003eStructures 167\u003c\/p\u003e \u003cp\u003ePressures 167\u003c\/p\u003e \u003cp\u003eRewards 169\u003c\/p\u003e \u003cp\u003eRituals 169\u003c\/p\u003e \u003cp\u003eTracking Results and Measuring Effectiveness 171\u003c\/p\u003e \u003cp\u003eKey Takeaways 171\u003c\/p\u003e \u003cp\u003eNotes and References 172\u003c\/p\u003e \u003cp\u003eAdditional Reading 174\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 \u003c\/b\u003e\u003cb\u003eWhat’s in a Modern Security Awareness Leader’s Toolbox? 175\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eContent Is King: Videos, Learning Modules, and More 176\u003c\/p\u003e \u003cp\u003eBig Box Shopping: A Content Analogy 178\u003c\/p\u003e \u003cp\u003eTypes of Content 181\u003c\/p\u003e \u003cp\u003eExperiences: Events, Meetings, and Simulations 186\u003c\/p\u003e \u003cp\u003eMeetings, Presentations, and Lunch-and-Learns 187\u003c\/p\u003e \u003cp\u003eTabletop Exercises 188\u003c\/p\u003e \u003cp\u003eRituals 189\u003c\/p\u003e \u003cp\u003eWebinars 190\u003c\/p\u003e \u003cp\u003eGames 190\u003c\/p\u003e \u003cp\u003eSimulated Phishing and Social Engineering 191\u003c\/p\u003e \u003cp\u003eOther Simulations and Embodied Learning 192\u003c\/p\u003e \u003cp\u003eInteractions with Other Technologies 193\u003c\/p\u003e \u003cp\u003eRelationships: Bringing Context to Content and Experiences 194\u003c\/p\u003e \u003cp\u003eBe Intentional and Opportunistic, Always 195\u003c\/p\u003e \u003cp\u003eStories and Analogies 195\u003c\/p\u003e \u003cp\u003eTapping into Cultural Trends 195\u003c\/p\u003e \u003cp\u003eOpportunistic Campaigns Based on New Organizational Initiatives and Current Events 196\u003c\/p\u003e \u003cp\u003eThe Critical “At Home” Connection 197\u003c\/p\u003e \u003cp\u003eUse Your Metrics and Anecdotes to Help Tell and Reinforce Your Story 197\u003c\/p\u003e \u003cp\u003eKey Takeaways 198\u003c\/p\u003e \u003cp\u003eNotes and References 198\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 \u003c\/b\u003e\u003cb\u003eVoices of Transformation: Interviews with Security Awareness Vendors 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAnna Collard, Popcorn Training 201\u003c\/p\u003e \u003cp\u003eChris Hadnagy, Social Engineer 204\u003c\/p\u003e \u003cp\u003eDrew Rose, Living Security 209\u003c\/p\u003e \u003cp\u003eGary Berman, The CyberHero Adventures: Defenders of the Digital Universe 211\u003c\/p\u003e \u003cp\u003eJason Hoenich, Habitu8 214\u003c\/p\u003e \u003cp\u003eJim Shields, Twist and Shout 217\u003c\/p\u003e \u003cp\u003eKai Roar, CLTRe 219\u003c\/p\u003e \u003cp\u003eLisa Plaggemier, InfoSec Institute 221\u003c\/p\u003e \u003cp\u003eMasha Sedova, Elevate Security 224\u003c\/p\u003e \u003cp\u003eStu Sjouwerman, KnowBe4 226\u003c\/p\u003e \u003cp\u003eTom Pendergast, MediaPRO 228\u003c\/p\u003e \u003cp\u003eWinn Schwartau, The Security Awareness Company (SAC) 231\u003c\/p\u003e \u003cp\u003eReference 236\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIII The Process of Transformation 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 \u003c\/b\u003e\u003cb\u003eLiving Your Awareness Program Through the Eyes and Lives of Your Audience 239\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA Learner Journey Map: Awareness in the Context of Life 240\u003c\/p\u003e \u003cp\u003eKey Takeaways 248\u003c\/p\u003e \u003cp\u003eNotes and References 248\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 \u003c\/b\u003e\u003cb\u003ePutting It All Together 251\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBefore You Begin 252\u003c\/p\u003e \u003cp\u003eThe Five Secrets of Security Awareness Success 252\u003c\/p\u003e \u003cp\u003eTips for Gaining Buy-In 259\u003c\/p\u003e \u003cp\u003eLeverage Cialdini’s Principles of Persuasion 264\u003c\/p\u003e \u003cp\u003eMaking Adjustments 269\u003c\/p\u003e \u003cp\u003eThoughts About Crafting Campaigns 269\u003c\/p\u003e \u003cp\u003eThinking Through Target Groups 271\u003c\/p\u003e \u003cp\u003eBe Intentional with Recognition and Reward 277\u003c\/p\u003e \u003cp\u003eAssembling Your Culture Carriers 277\u003c\/p\u003e \u003cp\u003eMeasuring Your Success 278\u003c\/p\u003e \u003cp\u003eWhat Does the Future Hold? 279\u003c\/p\u003e \u003cp\u003eKey Takeaways 280\u003c\/p\u003e \u003cp\u003eNotes and References 281\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 \u003c\/b\u003e\u003cb\u003eClosing Thoughts 283\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLeverage the Power of Community. 283\u003c\/p\u003e \u003cp\u003eBe a Lifelong Learner 285\u003c\/p\u003e \u003cp\u003eBe a Realistic Optimist 290\u003c\/p\u003e \u003cp\u003eConclusion 291\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 \u003c\/b\u003e\u003cb\u003eVoices of Transformation: Interviews with Security Awareness Program Leaders 293\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBruce Hallas, Marmalade Box 294\u003c\/p\u003e \u003cp\u003eCarlos Miró, MUFG Union Bank 296\u003c\/p\u003e \u003cp\u003eDr. Cheryl O. Cooper, Sprint Corporation 298\u003c\/p\u003e \u003cp\u003eKrina Snider, Sprint 302\u003c\/p\u003e \u003cp\u003eMark Majewski, Quicken Loans 305\u003c\/p\u003e \u003cp\u003eMichael Lattimore, Independent Consultant 307\u003c\/p\u003e \u003cp\u003eMo Amin, Independent Consultant 311\u003c\/p\u003e \u003cp\u003ePrudence Smith, Senior Cyber and Information Security Consultant and Industry Speaker 313\u003c\/p\u003e \u003cp\u003eThom Langford, (TL)2 Security 320\u003c\/p\u003e \u003cp\u003eTory Dombrowski, Takeform 323\u003c\/p\u003e \u003cp\u003eAppendix: Seven Key Reminder Nudges to Help Your Recall 329\u003c\/p\u003e \u003cp\u003eIndex 331\u003c\/p\u003e  \u003cp\u003e\u003cb\u003ePERRY CARPENTER\u003c\/b\u003e is the Chief Evangelist and Strategy Officer for KnowBe4, the world's most popular security awareness and simulated phishing platform. A former security awareness researcher and CISO advisor at Gartner Research, he now works closely with Kevin Mitnick, arguably the world's most famous hacker. Perry frequently addresses management audiences at major cybersecurity conferences.   \u003c\/p\u003e\u003cp\u003e\"I love seeing graduates of my Boot Camp use Behavior Design to address real-world problems. Perry does just that in Transformational Security Awareness, and the results are compelling.\"\u003cbr\u003e \u003cb\u003e—BJ FOGG P\u003csmall\u003eH\u003c\/small\u003eD,\u003c\/b\u003e Researcher and Founder of the Stanford University Behavior Design Lab, Author of \u003ci\u003eTiny Habits: The Small Changes that Change Everything\u003c\/i\u003e \t \u003c\/p\u003e\u003cp\u003e\u003cb\u003eDO YOU CARE MORE ABOUT WHAT YOUR EMPLOYEES KNOW, OR WHAT THEY DO?\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003ci\u003eTransformational Security Awareness\u003c\/i\u003e offers a fresh, multidisciplinary approach to building a vital culture of awareness and secure behavior. Weaving together insights and best practices from experts in communication, persuasion, psychology, behavioral economics, organizational culture management, employee engagement, and storytelling, author Perry Carpenter empowers organizations to focus on the human element. The tools he provides let you create behavior change that enhances security at every level. \u003c\/p\u003e\u003cp\u003eWhat good is \u003ci\u003eawareness\u003c\/i\u003e if your people still don't care or behave in ways that reflect the security values that you are training on? Building secure users requires an intentional focus on behavior and cultural supports, finding actionable ways to intersect with users in the ways that will be most impactful; from relevant information, to behavioral interventions, to cultural and social supports and pressures. This book helps you optimize your security program to include and work with the realities of human nature. Using the insight provided by behavioral and marketing disciplines, you'll learn to engage users, shape behaviors, and foster an organizational culture that encourages and reinforces security-related values. Don't just change what your employees \u003ci\u003eknow,\u003c\/i\u003e change what they \u003ci\u003edo\u003c\/i\u003e because actions not knowledge will determine whether your organization is breached or secure. \u003c\/p\u003e\u003cp\u003eWith \u003ci\u003eTransformational Security Awareness,\u003c\/i\u003e you'll learn to account for the most important factor of your in your security program: the human factor. Discover how to: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eOvercome the knowledge-intention-behavior gap\u003c\/li\u003e \u003cli\u003eTeach security awareness using simulations, games, surveys, and other methods\u003c\/li\u003e \u003cli\u003eRecognize why technological security tools aren't enough\u003c\/li\u003e \u003cli\u003eDevelop a well-crafted security awareness program that leverages effective training, behavior shaping techniques, and a network of 'culture carriers'\u003c\/li\u003e \u003cli\u003eUnderstand the keys to sustained success and ongoing culture change\u003c\/li\u003e \u003cli\u003eMeasure your success and establish continuous improvements\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003e\u003cb\u003e\u003ci\u003eHere's what I know:\u003c\/i\u003e\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\"A transformational security awareness program \u003ci\u003ewill\u003c\/i\u003e pay-off. In the same way that a steady stream of water over time will create a canyon; or that small amounts of money invested will, through the magic of compound interest, turn into large sums of money, your efforts \u003ci\u003edo\u003c\/i\u003e make a lasting impact!\" \u003cb\u003e—Perry Carpenter\u003c\/b\u003e\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990405923045,"sku":"NP9781119566342","price":30.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119566342.jpg?v=1761787698","url":"https:\/\/k12savings.com\/products\/transformational-security-awareness-isbn-9781119566342","provider":"K12savings","version":"1.0","type":"link"}