
Security awareness month of the year (October)

October is the nationwide security month of the year, a month we use to share security knowledge internally and externally. Following the yearly security month run by the USA and the EU's information security agency (ENISA), we take extra responsibility to increase security awareness and protection.

Therefore, we come together and deliver free security-related presentations in October. People working in IT all over Norway participate, and upon request from colleagues in the tech community we hand out free presentations to spread security knowledge.

NORSIS (Norwegian Center for Information Security) rallies through October, giving us a platform to offer presentations and letting participants order digital or physical presentations on the topics they choose.

Here is the list of free presentations offered by my colleagues and me at Sopra Steria:

Two-factor authentication, why is it so important? with Camilla Olsen.
Supplier + information security + privacy = true? with Kaja Felix Sønslien.
Once upon a time there was a ransomware attack.. with Marius Sandbu.
[Your privacy presentation here] with Ida Thorsrud.
Deploying and managing Microsoft Sentinel as Code with Truls Dahlsveen.
Secure development of infrastructure code (DevSecOps) with Tor Ivar Asbølmo.
Security communication – how should we talk about information security? with Therese Bjerkestrand.
Secure client trust between Azure AD tenants with Roy Apalnes (me).

I would also recommend reading other related blogs that share security knowledge:

Tor Ivar gives us 10 useful tips to stay secure, personally and professionally.

NSM is also pitching in, giving free access to their security course.

Fishing with technology

I believe this is important work, because technology can’t solve every threat out here in the security space.

We are humans, with all the pros and cons that come with being human. We can be manipulated, and we forget things. It's not because we are bad people; it is in our DNA, whether we want it or not.

BUT, we can’t give up! We must balance technology and information.


Multi-factor authentication

Too much technology makes things complex and reduces user-friendliness, in extreme cases to the point where users find workarounds or get frustrated. Frustrated users will complain and might not get any work done. This doesn't go well with the boss, and you will be ordered to reduce security back down. Getting the work done will win most battles, so we need to find the sweet spot between user-friendly and secure.

BUT, if we can't raise security with technology, we need to inform users how they can help us all stay secure. And this isn't a one-time thing at the beginning of employment; we must continue to inform about security on a regular basis.

Information and knowledge need to hit the audience the right way. People working in IT might understand the critical statistics, and even we can be afraid sometimes. We need to step back and clear our minds, because it can feel like we can't even use a computer on the Internet.


Always verify, don’t trust (Zero Trust)

SO, how should we inform our regular users? How will they understand? How do we get them to take on the responsibility?

Regular users need continual reminders, or else they forget and shift focus to other tasks. It's just how we work as humans.

They will understand and take on responsibility when they feel their valuable data and assets are at real risk. The key to making users security aware is through their feelings: their feeling of being valuable and of creating valuable assets worth protecting.



Ehlo!

I am Roy Apalnes, a Microsoft Cloud Evangelist working at Sopra Steria. My main focus is Microsoft Security and Endpoint Management, with a bigger picture in mind.
