Caring Not Scaring - An Evaluation of a Workshop to Train Apprentices as Security Champions

Uta Menges, Jonas Hielscher, Laura Kocksch, Annette Kluge, M. Angela Sasse

Publikation: Bidrag til bog/antologi/rapport/konference proceedingKonferenceartikel i proceedingForskningpeer review

1 Citationer (Scopus)
43 Downloads (Pure)

Abstract

Security champions are regular employees who have deeper knowledge in information security and a direct connection with the security team. Through this connection, they can facilitate the diffusion of security knowledge to employees and back to the security team. We worked with a German organization with more than 20,000 employees that decided to create such a program, starting with a three day in-person workshop with n = 17 young apprentices to train them to become security champions. Internal and external speakers were invited, to pass on their security knowledge to the apprentices. We contributed to the workshop program with Serious LEGO, security mythbusting exercises, and Q&A sessions. However, our main goal was to evaluate the workshops' impact on the participants. We gathered data through interviews, surveys and observation before, during and after the workshop. We found that the workshop did indeed influence the security behavior of young employees. However, the external security experts presented outdated or incorrect security knowledge, and recommended secure behaviours that contradicted company security policies. We identified incentives and motivations that participants brought to the role. In addition to tailoring security training content appropriately, we identify preparatory steps, and support that organizations need to put in place to support security champions who take on the role.

OriginalsprogEngelsk
TitelEuroUSEC '23 : Proceedings of the 2023 European Symposium on Usable Security
Antal sider16
ForlagAssociation for Computing Machinery (ACM)
Publikationsdato16 okt. 2023
Sider237-252
ISBN (Trykt)9798400708145
DOI
StatusUdgivet - 16 okt. 2023
BegivenhedThe 2023 European Symposium on Usable Security - Copenhagen, Danmark
Varighed: 16 okt. 202317 okt. 2023

Konference

KonferenceThe 2023 European Symposium on Usable Security
Land/OmrådeDanmark
ByCopenhagen
Periode16/10/202317/10/2023

Fingeraftryk

Dyk ned i forskningsemnerne om 'Caring Not Scaring - An Evaluation of a Workshop to Train Apprentices as Security Champions'. Sammen danner de et unikt fingeraftryk.

Citationsformater