SMILE – home of: A collaborative approach in awareness raising François Thill Brussels, 12th June 2012
Feb 24, 2016
SMILE – home of:
A collaborative approach in awareness raising
François ThillBrussels, 12th June 2012
AGENDA
• Starting the wrong way• Improving• Closing the loop
In 2003, launch of www.cases.lu focussed on technical security aspects in layman language.
• not technical enough for specialised press• too technical for our main target groups
Nevertheless :
• we offered an online helpline • it is still successful to date
Starting the wrong
way
• Target oriented• Focussed on real needs
In 2004, courses were provided to pupils aged 13 on an ad-hoc basis :
• teachings still rather technical• only a few behavioural aspects taken into account • children were already over-age
Nevertheless : • teachings included risk assessment
(impact, threat, vulnerability)• contacts with children enabled to hear real-life
stories
Improving
• Target oriented • Focussed on real needs
In 2006, first information security policy for SMEs published :
• paper based - static (no ISMS)• mostly focussed on organisational aspects
Nevertheless :
• focussing on risk assessment and risk treatment (impact, threat, vulnerability)• addressing organisational aspects
Improving
• Security methodologies need to become less discriminatory
In 2006, courses for pupils aged 13 became compulsory
• children are over-aged
Nevertheless :
• teachings are focussed on their needs• pool of real-life stories• class per class teachings• “Facebook” and “Chat-roulette” at its roots
Improving
• Lack of computer knowledge
• Children refrain from speaking to adults because of double victimisation
Since 2007 : communication to the press
• weekly newspaper articles• weekly radio shows• specialised press feeds
Because we know
• the story behind the scene• people’s interests• people’s fears and how to address them
In the press
• People are interested in getting solutions for THEIR problems
•They do not want to get scared
• Security is a cultural challenge
In 2007 : first “lessons learnt” from teaching the children. The report summarizes problems encountered and solutions found.
Children• are lacking computer skills• are left to themselves• surf freely on the Internet
Nevertheless :
• Ministry of Family joined the team• Ombudswoman for the children’s rights reacted on the report with recommendations to the parliament
Enlarging the team
• Lack of computer instructions
• Parents have a wrong perception of impacts
• Children refrain from speaking to adults because of double victimisation
In 2007, a first tool was created by a private company, enabling to :
• manage security services for SME• including a firewall• segregates the networks• runs anti-virus• including an Internet filter
Because
• people want to protect their assets
Technology at last
• SMEs also need tools
• Tools are often discriminatory in terms of costs and complexity
• Security is a behavioural, organisational and technological matter
In 2009-2010, first large-scale campaign• Partners : 12 • Impact on population : 4-5 %
In 2010-2011, a second campaign • Partners : 30• Impact on population : 15-17%
• 2011-2012, a third campaign• about 50 partners – reached about 18%
• 2012-2013 campaign is in preparation• Partners : > 50
Because• we are not the focus of the campaign• partners benefit from the initiative• security is not the most important thing in life
Large scale campaigns
• OCDE : “Culture of security”
• Let others spread your message
In 2009, the first schoolbook published.
Since then, we reached• nearly 100% of all pupils aged 13• nearly 25% of pupils aged 9 – 12
Our knowledge benefits from : • testimonials, real-life examples• top ten problems• feedback from teachers, parents and children
Schools
• OCDE: “Culture of security”
• On the field experience
Since 2009, 15% of government staff sensitized
Our knowledge benefits from :• testimonials , real-life examples• top ten problems• feedback
Government
• OCDE“ Culture of security”
Outlook
• OCDE : “Culture of security”
• Reduce the digital divide in security
BEE-SECURE
• compulsory for teachers• compulsory for pupils aged 9, 12, 16 • enlargement of campaigns
Outlook
• Reduce the digital divide in security
• Reduce complexity of methodologies
• Reduce solutions’ costs
CASES
Include lessons learnt from BEE-SECURE into the behavioural, organisational and technological layers of experise
Produce less discriminatory methodologies
Provide risk assessment platform for all through a dynamic risk assessment, including metrics from CERT
Foster product and services
Outlook
• Provide relevant information
• Create networks
CIRCL
Security dash board• BGB ranking• passive DNS• information exchange
Improve readiness
Provide metrics for risk assessments
Why act as if you were still alone?
Together, let’s aim for cybersecurity!