SMILE – home of:

A collaborative approach in awareness raising

François ThillBrussels, 12th June 2012

AGENDA

• Starting the wrong way• Improving• Closing the loop

In 2003, launch of www.cases.lu focussed on technical security aspects in layman language.

• not technical enough for specialised press• too technical for our main target groups

Nevertheless :

• we offered an online helpline • it is still successful to date

Starting the wrong

way

• Target oriented• Focussed on real needs

In 2004, courses were provided to pupils aged 13 on an ad-hoc basis :

• teachings still rather technical• only a few behavioural aspects taken into account • children were already over-age

Nevertheless : • teachings included risk assessment

(impact, threat, vulnerability)• contacts with children enabled to hear real-life

stories

Improving

• Target oriented • Focussed on real needs

In 2006, first information security policy for SMEs published :

• paper based - static (no ISMS)• mostly focussed on organisational aspects

Nevertheless :

• focussing on risk assessment and risk treatment (impact, threat, vulnerability)• addressing organisational aspects

Improving

• Security methodologies need to become less discriminatory

In 2006, courses for pupils aged 13 became compulsory

• children are over-aged

Nevertheless :

• teachings are focussed on their needs• pool of real-life stories• class per class teachings• “Facebook” and “Chat-roulette” at its roots

Improving

• Lack of computer knowledge

• Children refrain from speaking to adults because of double victimisation

Since 2007 : communication to the press

• weekly newspaper articles• weekly radio shows• specialised press feeds

Because we know

• the story behind the scene• people’s interests• people’s fears and how to address them

In the press

• People are interested in getting solutions for THEIR problems

•They do not want to get scared

• Security is a cultural challenge

In 2007 : first “lessons learnt” from teaching the children. The report summarizes problems encountered and solutions found.

Children• are lacking computer skills• are left to themselves• surf freely on the Internet

Nevertheless :

• Ministry of Family joined the team• Ombudswoman for the children’s rights reacted on the report with recommendations to the parliament

Enlarging the team

• Lack of computer instructions

• Parents have a wrong perception of impacts

• Children refrain from speaking to adults because of double victimisation

In 2007, a first tool was created by a private company, enabling to :

• manage security services for SME• including a firewall• segregates the networks• runs anti-virus• including an Internet filter

Because

• people want to protect their assets

Technology at last

• SMEs also need tools

• Tools are often discriminatory in terms of costs and complexity

• Security is a behavioural, organisational and technological matter

In 2009-2010, first large-scale campaign• Partners : 12 • Impact on population : 4-5 %

In 2010-2011, a second campaign • Partners : 30• Impact on population : 15-17%

• 2011-2012, a third campaign• about 50 partners – reached about 18%

• 2012-2013 campaign is in preparation• Partners : > 50

Because• we are not the focus of the campaign• partners benefit from the initiative• security is not the most important thing in life

Large scale campaigns

• OCDE : “Culture of security”

• Let others spread your message

In 2009, the first schoolbook published.

Since then, we reached• nearly 100% of all pupils aged 13• nearly 25% of pupils aged 9 – 12

Our knowledge benefits from : • testimonials, real-life examples• top ten problems• feedback from teachers, parents and children

Schools

• OCDE: “Culture of security”

• On the field experience

Since 2009, 15% of government staff sensitized

Our knowledge benefits from :• testimonials , real-life examples• top ten problems• feedback

Government

• OCDE“ Culture of security”

Outlook

• OCDE : “Culture of security”

• Reduce the digital divide in security

BEE-SECURE

• compulsory for teachers• compulsory for pupils aged 9, 12, 16 • enlargement of campaigns

Outlook

• Reduce the digital divide in security

• Reduce complexity of methodologies

• Reduce solutions’ costs

CASES

Include lessons learnt from BEE-SECURE into the behavioural, organisational and technological layers of experise

Produce less discriminatory methodologies

Provide risk assessment platform for all through a dynamic risk assessment, including metrics from CERT

Foster product and services

Outlook

• Provide relevant information

• Create networks

CIRCL

Security dash board• BGB ranking• passive DNS• information exchange

Improve readiness

Provide metrics for risk assessments

Why act as if you were still alone?

Together, let’s aim for cybersecurity!

Thank you

francois.thill@eco.public.lu

SMILE – home of: