Are your users best equipped to handle the threats of today?  How about your key roles in the business?  Are your security professionals able to perform their jobs at the state of practice for today’s threat environment? How do you know?

MAD Security understands the value of ensuring that your people are performing optimally. While the information security industry tends to focus on technology to prevent attacks on systems, humans are the largest attack surface. Yet we provide those humans the same tired old training methods and get frustrated when they aren’t equipped to protect the organization. A workforce that is equipped to identify and mitigate sophisticated attacks on information systems can significantly enhance an organization’s overall information security posture and reduce security incidents that result in lost productivity and compromised data.

I know when to bring in the rock stars! You guys really ARE good at this!

Director of Information Security at US Federal Government Agency

 

From industry initiatives like the National Initiative for Cybersecurity Education (NICE) to standards like NIST SP 800-16, the programs that focus on this type of improvement are clear: there are three types of user behavior that shape the success of your information security program.


1.  End User Awareness that ensures that your users act as the first line of defense against threats
2. Role-based Awareness for Key Roles to ensure that each role has the specific security knowledge that makes the user the most effective
3. A highly trained and effective information security workforce.

MAD Security has crafted a methodology that will assess your organization’s human assets and then shape their behavior around security to provide the most effective

Wouldn’t it be nice if we could just install a firewall on our users that ensured that they always did the right thing?  By following the MAD methodology it could be almost that easy.

Perform Cultural Assessments

The first step to a high-performing security culture is to know why your organization isn’t getting the results it needs.  Working with your staff, MAD’s team of security behavioral scientists will perform a short, highly focused cultural assessment  to determine the priorities and blocks around key behavior within your organization.  This engagement helps to establish a roadmap that includes key performance indicators (KPIs) based upon the objectives of your organization. These KPIs facilitate the tracking and measurement of these objectives as you implement your security program.

Establish User Awareness

End Users are the first line of defense against security threats.  This is an area well-understood by compliance initiatives – nearly every standard requires some amount of annual awareness training.  Rather than wasting this time, MAD has created a behavior-focused end-user training that meets those requirements and actually overcomes the common blocks that prevent awareness training from working.   And then we can go beyond annual awareness training to establish advanced messages that achieve the KPIs laid out in the cultural assessment.

Awareness for Key Roles

Many roles within the organization require a different understanding of information security than the average worker. For example, a project manager running IT projects needs to know different things about security than the intern who just started in the marketing department. Staff in these roles need specially focused awareness training that allows them not just to perform as a normal user, but to optimize for security within their actual job function. MAD provides the industry’s first annual role-based awareness content to focus on specific high-value roles in the industry.

Information Security Education

Having an effective workforce protecting the organization does very little if the information security department itself is ineffective.   Far too often, a lack of knowledge within the information security department leads to ineffective controls, vulnerable systems and a much more accessible attack surface than is appropriate for the organization.  The industry largely eschews training because traditional training is inefficient – if you have to stop doing your job for weeks at a time to learn, it’s a burden on the organization and the person.  MAD focuses on providing training at optimal efficiency and effectiveness.