Cyber security doctrines around the world have an avowed goal of improving user cyber hygiene in the workforce. But no entity within the government or in the private sector is clear about how to achieve this.
Outside of a few thumb rules, such as, asking people to use complex passwords, no cybersecurity professional even knows the behaviors that users should or shouldn't engage in to achieve cyber hygiene.
Often organizations find creative ways of repurposing what they are already doing—such as extending user training or using phish testing performance data—as a proxy for user cyber hygiene. This is the approach taken by the U.S. Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program.
But such approaches cloak the problem or attempt to reframe it, rather than address it.
The webinar provides the missing pieces—making it possible for IT managers to better quantify the cyber hygiene levels of users and create an effective culture of cyber safety.
The approach presented involves the use of a recently developed multi-item measure of user cyber hygiene called the Cyber Hygiene Inventory (CHI). The CHI comprises 20-questions that measure five dimensions or facets of cyber hygiene that fit the acronym SAFETY: Storage and device hygiene, Authentication and credential hygiene, Facebook and social media hygiene, Email and messaging hygiene, Transmission hygiene; and Y for "You" highlighting the role of the user in achieving cyber hygiene.
CHI scores range from 0–100 and is a quantitative in indicator of any users' overall cyber hygiene. This single metric provides a bird's-eye view of any users' cyber hygiene and can be compared across users to understand their cyber readiness. CSOs can further drill down into each dimension to understand where the user lacks and by how much they lack compared to others. Furthermore, the CHI can be implemented before and after awareness training to look for gaps.
The webinar will discuss how IT managers can implement this method with existing phishing penetration testing and awareness training approaches to instill a culture of cyber safety within the enterprise. No longer does cyber hygiene have to be just a talking point. Instead, using the CHI, CSOs can measure, track, compare, calibrate—and achieve cyber hygiene.
Arun Vishwanath, Ph.D., MBA, is an alumnus of the Berkman Klein Center at Harvard University. His research focuses on improving individual, organizational, and national resilience to cyber-attacks by focusing on the weakest link in cyber security: Users. His research has been presented at leading venues from the Johns Hopkins Applied Physics Lab to the U.S. Army Cyber Institute at West Point and the United States Senate. arunvishwanath.us