THE WAY TO INSTIL A SECURITY-AWARE CULTURE IN YOUR BUSINESS

eRiskology™

get in their heads.

•A 3-year, organic programmeapplying simple, intuitive, personal multi-media messaging through 4 harmonised“pathways”.

•Pathways are designed to measure existing and changing awareness states through the capture of key performance indicators collected to confirm & measure cultural change.

•Behaviour changes are also verified through live social engineering tests conducted against the staff to produce, what we have called, a calculated InfoSec Quotient (I.Q) rating for your business.

•eRiskology™ will not only get in their heads – it will prove its in their heads. Other security awareness solutions don’t come close to this achievement.

THE eRISKOLOGY SECURITY AWARENESS PROGRAMME

eRiskology™

INSPIRE EMPOWER MEASUREENGAGE

COMBINES 4 LEARNING PATHWAYS

eRiskology™

INSPIREInspire them through meaningful, thought-provoking and collaborative onsiteworkshops given to your staff by seasoned information security risk trainers.

Stimulate your staff’s notions on cyber security by questioning their ideas ofprivacy, highlighting their extreme reliance on technology and challenging anyassumptions they may have that the devices they depend upon daily areinherently secure.

The first step to solving a problem is recognising there isone.

eRiskologyINSPIRE EMPOWER MEASUREENGAGE

eRiskology ISA COURSE

Deliver real-world scenarios that staff can relate and connect with in their everyday lives

INSPIRE EMPOWER MEASUREENGAGE

FACE-TO-FACE WORKSHOPS

EMPOWEREmpower them by providing focused, interactive, multi-media eLearning oncritically fundamental information security topics such as: “What is it?”, “Whydoes it matter?”, “What does good security look like?”, “How does hackingwork?” and “What should I do now?”.

Light, interesting and jargon-free course content that takes around 45 minutesto complete. It’s followed by a test to confirm that their understandingempowers them to act.

Knowledge is power and interest pulls the switch.

eRiskology

get in their heads.

INSPIRE EMPOWER MEASUREENGAGE

eRiskology ISA COURSE

Interactive courses are presented by a subject matter expert who presents current methodologies & best defenses

INSPIRE EMPOWER MEASUREENGAGE

INTERESTING & NARRATED eLEARNING

eRiskology ISA COURSE

MODULE 1: What is it?Following this module, users should be able to correctly confirm:

• The definition of information security

• The objective of information security (to ensure the “Confidentiality”, “Availability” and “Integrity” of the information)

• All information security is based on the fundamental principle of “need to know”.

• Information must be protected from both intentional (theft) and unintentional (accidental) loss

• Information security requires the implementation of security “controls”.

• Effective information security requires controls be implemented for people, process and technology.

• Because technology changes constantly – do the threats to information.

MODULE 2: Why does it matter?

MODULE 3: What does good security look like?

MODULE 4: How does hacking work?

MODULE 5: What should I do?

TEST MODULE: What have I learned?

MODULE 1: What is it?

MODULES

INSPIRE EMPOWER MEASUREENGAGE

ISA eLEARNING COURSE MODULE 1 OVERVIEW

ENGAGEEngage them through a consistent flow (monthly) of current, relevant andfascinating information that they can use in both their personal andprofessional lives. Short videos, podcasts, infographics, bulletins and alertsensure they stay engaged.

Feeding staff a steady diet of current examples, trends, threats and bestpractice will nourish and strengthen the messages they received in workshopsand online training and increase the chances they will change their behaviour.

Repetition is the mother of learning and the father ofaction, which makes it the DNA of change.

eRiskology

get in their heads.

INSPIRE EMPOWER MEASUREENGAGE

INFOGRAPHICS DAILY ALERTS MONTHLY BULLETINS

INSPIRE EMPOWER MEASUREENGAGE

CONTINUAL AND MEANINGFUL CONTENT DELIVERED THROUGH ENGAGING MEDIA

VIDEOS PODCASTSCONTESTSWEBINARS

MEASUREMeasure them by collecting metrics at each of the previous stages through surveys, tests and quizzes and then conducting a series of social engineering tests annually, designed to confirm if they assimilated the information, increased their awareness and changed their behaviour.

Program metrics recorded in the first year can then be used as benchmark to document behavioural changes attained yearly thereafter.

If you can’t measure it, you can’t improve it.

INSPIRE EMPOWER MEASUREENGAGE

1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12

INSPIRE

EMPOWER

ENGAGE

MEASURE

36 MONTHS – THE JOURNEYPATHWAYS

InfoSec Quotient (metric) capture

THE THREE YEAR PROGRAMME TRACKS BEHAVIOURAL CHANGE

INSPIRE EMPOWER MEASUREENGAGEYear

2

Year

1

Year

3

•Based on key performance indicators captured from your staff over 36 months.

•Annual metrics are used to tweak program content in the following year to ensure understanding and raise awareness levels.

•Measuring their growing appreciation, awareness and practice of information security.

•See quantifiable progress over the full programme period.

INSPIRE EMPOWER MEASUREENGAGE

EACH YEAR YOUR BUSINESS WILL BE ASSIGNED AN INFOSEC (I.Q.)

InfoSec Quotient (I.Q) rating

53

PHISHING

Specific testing activities will be discussed and agreed prior to our engagement, but as a baseline, eRiskology™ typically conducts the following social engineering tests

for purposes of collecting the cited KPIs:

TELEPHONE PRE-TEXTING

INSPIRE EMPOWER MEASUREENGAGE

SOCIAL ENGINEERING IS CONDUCTED TO MEASURE BEHAVIOURAL CHANGE

eRiskology™

4 PATHWAYS THATINSTIL AND NURTURE A SECURITY-AWARE

CULTURE IN YOUR BUSINESS — GUARANTEED

INSPIRE EMPOWER MEASUREENGAGE

get in their heads.

eRiskology™

GET IN THEIR HEADS AND BEGIN TO TRANSFORM YOUR BUSINESS TODAY