Learn how to create your own cyber security awareness plan 

Since a few years, the Cyber Security Coalition has successfully run a training programme called ‘Cyber Security Awareness & Culture Manager’. Last Thursday, the permanent chair of the Coalition’s Awareness Focus Group selected 31 participants for this year’s edition of the training. We congratulate all selected participants for this achievement and we look forward to fruitful interaction in the course, which will kick off on September 21st. 

We spoke with Alexandre Pluvinage, Head of Human Security at ING BE & DBNL and creator of the programme. 

Your job title is “Head of Human Security”. What does this entail? 

When most people hear about IT security, they think about firewalls and antimalware protection. Of course, these are important tools, but you have to put the same effort into human security. More than 90 percent of cyber security attacks against companies are targeting people, for instance with phishing or social engineering. In my role as Head of Human Security, I report to the CISO (Chief Information Security Officer) about these aspects. And I’m glad that more and more companies are having the same approach. 

What’s so important about cyber security awareness? 

If you’re running a transport company and you’re hiring truck drivers, you’re not giving them the keys to the trucks without verifying whether they have a valid driver’s license and whether they drive safely. But not a lot of organisations verify whether their employees are able to use their IT systems safely. Many aren’t even teaching them safe use of their systems. 

A few years ago the number of attacks against companies involving employees was not so significant. Now, especially with the hybrid way of working, these cyber attacks are rife. By doing company tasks on your private computer and the other way around, you’re mixing your private risks with professional risks. Employees should know about these risks, and they should know whom to report to when they notice something unusual. 

So how do you start to develop a cyber security awareness roadmap in your organization? 

The most important part is: just start with something simple. As soon as you have something, you can build on it and learn from it. 

If you want to start raising awareness about cyber security among your employees, download the Cyber Security KIT that the Cyber Security Coalition published. This will help you with password security, phishing, social engineering, customers’ personal data and safely working from home. 

You’ve created the ‘Cyber Security Awareness & Culture Manager’ training programme, a certification by the Cyber Security Coalition. Why did you create this? 

There are other certifications for cyber security awareness, but I wanted to create a very pragmatic programme. During the various modules you learn how to manage stakeholders, how to change people’s behaviour and so on, but you also apply this knowledge to your own organisation and build a cyber security awareness plan. 

So after getting this certification, people can apply the lessons learnt directly in their own organisation? 

Exactly. I’m the trainer of the last module of the programme, and in this session everything is put together. And then there’s a final test, where participants present the cyber security awareness roadmap they prepared for their organisation during the programme. This roadmap is validated by a jury of security awareness experts. 

You get the certification, which is supported by the Cyber Security Coalition and the Centre for Cyber Security Belgium (CCB), if you can prove that you understood the methodology and you are able to create a security awareness roadmap. 

This roadmap should be realistic. For instance, if you’re working for a small company with a tight budget, it’s not realistic to come up with a big plan with all bells and whistles. The plan should fit your organisation. 

So if you get this certification, you return to your organisation with a validated security awareness roadmap, but you have also learned how to create it step by step. 

Do you want to know more about security awareness? Discover the full programme and download the application form for the ‘Cyber Security Awareness & Culture Manager’ training. 

Other blog posts

30 November: Computer Security Day: Ada Lovelace

On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.

Privacy Focus Group: AI and Data Protection

The second webinar of the Privacy Focus Group on the subject of ‘Artificial Intelligence’ (AI) tackles a major challenge: how to reconcile the use of AI with the demands of GDPR, particularly regarding data protection? It is still very much unknown territory for developers, users and privacy protection officers. This webinar helps you find your way!

API Security

API’s (Application Programming Interfaces) are ubiquitous and used to interconnect all our popular web applications. Without API’s, applications cannot communicate and we would simply not be able to use the majority of the current cloud and web applications. But at the same time, because of these API’s, security threats are greater than ever. API attacks are different compared to traditional attacks: they target vulnerabilities in the business logic, and hackers exploit these zero-day vulnerabilities.

Privacy Focus Group: AI : Basic concepts and regulatory trends

This webinar organized by the Privacy Focus Group in cooperation with KU Leuven helps you gain a much-needed insight in the hot topic of Artificial Intelligence (AI). It gives an overview of the different types of AI applications and points to the ethical and societal implications of the use of such applications. It is a splendid starting point to delve deeper into the fascinating world of AI.

Share this useful content with friends: