1 / 18

SMILE – home of:

SMILE – home of:. A collaborative approach in awareness raising François Thill Brussels, 12th June 2012. AGENDA Starting the wrong way Improving Closing the loop. In 2003, launch of www.cases.lu focussed on technical security aspects in layman language.

dooley
Download Presentation

SMILE – home of:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SMILE – home of: A collaborative approach in awareness raising François Thill Brussels, 12th June 2012

  2. AGENDA • Starting the wrong way • Improving • Closing the loop

  3. In 2003, launch of www.cases.lu focussed on technical security aspects in layman language. • not technical enough for specialised press • too technical for our main target groups • Nevertheless : • we offered an online helpline • it is still successful to date • Starting the wrong way • Target oriented • Focussed on real needs

  4. In 2004, courses were provided to pupils aged 13 on an ad-hoc basis : • teachings still rather technical • only a few behavioural aspects taken into account • children were already over-age • Nevertheless : • teachings included risk assessment • (impact, threat, vulnerability) • contacts with children enabled to hear real-life stories • Improving • Target oriented • Focussed on real needs

  5. Improving • Security methodologies need to become less discriminatory • In 2006, first information security policy for SMEs published : • paper based - static (no ISMS) • mostly focussed on organisational aspects • Nevertheless : • focussing on risk assessment and risk treatment • (impact, threat, vulnerability) • addressing organisational aspects

  6. Improving • Lack of computer knowledge • Children refrain from speaking to adults because of double victimisation • In 2006, courses for pupils aged 13 became compulsory • children are over-aged • Nevertheless : • teachings are focussed on their needs • pool of real-life stories • class per class teachings • “Facebook” and “Chat-roulette” at its roots

  7. In the press • People are interested in getting solutions for THEIR problems • They do not want to get scared • Security is a cultural challenge • Since 2007 : communication to the press • weekly newspaper articles • weekly radio shows • specialised press feeds • Because we know • the story behind the scene • people’s interests • people’s fears and how to address them

  8. Enlarging the team • Lack of computer instructions • Parents have a wrong perception of impacts • Children refrain from speaking to adults because of double victimisation • In 2007 : first “lessons learnt” from teaching the children. The report summarizes problems encountered and solutions found. • Children • are lacking computer skills • are left to themselves • surf freely on the Internet • Nevertheless : • Ministry of Family joined the team • Ombudswoman for the children’s rights reacted on the report with recommendations to the parliament

  9. Technology at last • SMEs also need tools • Tools are often discriminatory in terms of costs and complexity • Security is a behavioural, organisational and technological matter • In 2007, a first tool was created by a private company, enabling to : • manage security services for SME • including a firewall • segregates the networks • runs anti-virus • including an Internet filter • Because • people want to protect their assets

  10. Large scale campaigns • OCDE : • “Culture of security” • Let others spread your message • In 2009-2010, first large-scale campaign • Partners : 12 • Impact on population : 4-5 % • In 2010-2011, a second campaign • Partners : 30 • Impact on population : 15-17% • 2011-2012, a third campaign • about 50 partners – reached about 18% • 2012-2013 campaign is in preparation • Partners : > 50 • Because • we are not the focus of the campaign • partners benefit from the initiative • security is not the most important thing in life

  11. Schools • OCDE: • “Culture of security” • On the field experience • In 2009, the first schoolbook published. • Since then, we reached • nearly 100% of all pupils aged 13 • nearly 25% of pupils aged 9 – 12 • Our knowledge benefits from : • testimonials, real-life examples • top ten problems • feedback from teachers, parents and children

  12. Government • OCDE • “ Culture of security” • Since 2009, 15% of government staff sensitized • Our knowledge benefits from : • testimonials , real-life examples • top ten problems • feedback

  13. Outlook • OCDE : “Culture of security” • Reduce the digital divide in security • BEE-SECURE • compulsory for teachers • compulsory for pupils aged 9, 12, 16 • enlargement of campaigns

  14. Outlook • Reduce the digital divide in security • Reduce complexity of methodologies • Reduce solutions’ costs • CASES • Include lessons learnt from BEE-SECURE into the behavioural, organisational and technological layers of experise • Produce less discriminatory methodologies • Provide risk assessment platform for all through a dynamic risk assessment, including metrics from CERT • Foster product and services

  15. Outlook • Provide relevant information • Create networks • CIRCL • Security dash board • BGB ranking • passive DNS • information exchange • Improve readiness • Provide metrics for risk assessments

  16. Why act as if you were still alone?

  17. Together, let’s aim for cybersecurity!

  18. Thank you francois.thill@eco.public.lu SMILE – home of:

More Related