Applying Human Risk Management for Better Security Awareness
Ashley Rose, Founder and CEO of Living Security, on Targeted Awareness Training

Creating and understanding risk profiles for individual users in an organization can help optimize the effectiveness of security awareness training, which is just one tool under the wider umbrella of human risk management, said Ashley Rose, founder and CEO of Living Security.
"There are loads of data in security programs and security technologies that have traditionally not been used in the human or identity context," she said. "Most of the time, we're sending that data back into a SIEM. We're looking at our infrastructure, our networks, our devices - but the human is overlooked." Living Security's approach is to take all that data and bring it together in the context of the user.
"From there we can start understanding where is someone's strengths and weaknesses - where are the gaps in our security programs, which users are the most vigilant users that we should be looking at as security champions, and where are the riskiest users that we need to be paying more attention to," she said. "From there we can take the next step to administer things like security awareness training but doing it in a more intelligent, data-driven approach."
In this video interview with Information Security Media Group at RSA Conference 2024, Rose also discussed:
- Why innovative approaches - such as simulated phishing, escape rooms and gamification - have a positive effect in engaging employees in security awareness training;
- How Living Security uses machine learning and algorithms in bringing disparate information together to put the user in better context for targeted security awareness training;
- How Living Security addresses privacy concerns.
Rose has been the driving force behind Living Security's rapid growth. Founded in 2017, the company is focused on reducing human risk and protecting organizations from cybercrime.