The Security Culture Conference 2015 takes place in beautyful Oslo in June - the best time to enjoy the city of Oslo, the beaches, the food, the vikings and so much more!

Using Oslo as the setting scene, the Security Culture Conference 2015 focus on building security culture using best practice. The speakers have extensive experience from building security culture using the Security Culture Framework (https://scf.roer.com), and will be sharing their experiences through talks and workshops.

The full day pass includes all talks and workshops, and you can choose the topics that are relevant to you and your cultural needs.

To maximize the return for your organization - bring colleagues from HR, Communications and Security - then you can attend workshops tailored to each roles needs, and kick-start the security culture results in your workspace!  

The conference at a brief: build on the security culture framework, we look at how to involve people in your culture program, how to measure your culture and how to build a security culture program from scratch. You will also learn from the experiences of using the framework to build culture in different industries and countries.

What are you waiting for? Sign up today!  
Back To Schedule
Thursday, June 18 • 12:45 - 14:45
Workshop: Measuring Security Culture LIMITED

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Limited Capacity seats available

Measuring employees’ actual security behaviors is a constant challenge for security managers
and consultants. The reason behind this is that it’s difficult to convince managers to participate 
in assessments where their employees’ actual security behaviors are being observed, e.g., 
phishing assessments. Hence, there is a need for complementary methods to be used to both 
asses security behaviors and, if needed, change behaviors. Scenario-based surveys have been 
proposed to assess actual behaviors. Using security scenarios relevant for the organization can 
raise discussions among employees triggering their cognitive processing which is pre-condition 
for learning and adapting to new behaviors. This workshop will discuss how observations of 
security behaviors can be performed using phishing e-mails, and how behavioral security 
scenarios can be developed and used to measure employees’ security behaviors. The aim is 
that the participants will be able to identify relevant threats, develop methods to measure the 
vulnerability related to those threats, and be able to communicate the results to key 
stakeholders of the organization.


Waldo Rocha Flores

Consultant, EY
Waldo works at EY in Oslo where he is responsible for the behavioral information securitymanagement service. He has conducted research in behavioral information security at the Royal Institute of Technology (KTH), in Stockholm, Sweden. Waldo has published his research in a various conference... Read More →

Thursday June 18, 2015 12:45 - 14:45 CEST