Loading…
The Security Culture Conference 2015 takes place in beautyful Oslo in June - the best time to enjoy the city of Oslo, the beaches, the food, the vikings and so much more!

Using Oslo as the setting scene, the Security Culture Conference 2015 focus on building security culture using best practice. The speakers have extensive experience from building security culture using the Security Culture Framework (https://scf.roer.com), and will be sharing their experiences through talks and workshops.

The full day pass includes all talks and workshops, and you can choose the topics that are relevant to you and your cultural needs.

To maximize the return for your organization - bring colleagues from HR, Communications and Security - then you can attend workshops tailored to each roles needs, and kick-start the security culture results in your workspace!  

The conference at a brief: build on the security culture framework, we look at how to involve people in your culture program, how to measure your culture and how to build a security culture program from scratch. You will also learn from the experiences of using the framework to build culture in different industries and countries.

What are you waiting for? Sign up today!  

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Thursday, June 18
 

08:45

Boat from Oslo Rådhus / PIPEVIKA
To reach the venue, you should meet the Conference Crew at the Pipevika Harbour to take the boat to Bygdøynes at 0855. You will be met at the harbor by the conference crew volunteers - just look for us! You will be guided to the destination!

NOTE: You should buy your ticket (35/one way) at the harbor, so please be in time.

More information and map: http://www.visitoslo.com/no/aktiviteter-og-attraksjoner/aktiviteter/?TLp=181623&Bygdoyfergene 
Thursday June 18, 2015 08:45 - 09:15

09:45

Opening Keynote
The Opening Keynote explores what security culture is, and what makes it an important tool for organizations. 
Speakers
avatar for Roar Thon

Roar Thon

Security Culture, NSM
Har arbeidet i NSM siden 2003 og har de siste årene arbeidet med menneskers bruk av teknologi og hvordan dette påvirker sikkerheten i virksomheter og samfunnet.Roar Thon på Twitter... Read More →

Thursday June 18, 2015 09:45 - 10:15
  Keynote

10:15

Security Culture in Development
The majority of security vulnerabilities come from flaws in software code. While the rate in which these flaws occur remains constant, we are now developing more code than ever before as well as deploying software to many more devices. We must address the software development process and it can only be done by creating a culture of security. This session presents the Security Culture Framework (SCF) and applies it to an entirely fictional development organization. We will discuss awareness training and tying the training to tangible improvements in code. By using the SCF Topics/Planner/Metrics approach, we will move the organization toward developing every more secure code. The presentation will conclude with take-aways for applying the SCF to your software development team.
Speakers
avatar for J. Wolfgang Göerlich

J. Wolfgang Göerlich

Vice President of Strategic Programs, CBI (Creative Breakthroughs, Inc.)
J Wolfgang Goerlich supports information security initiatives for clients in the healthcare, education, financial services, and energy verticals. In his current role with CBI, a cyber security consultancy, Wolfgang is the vice president for security programs. Wolfgang also leads the... Read More →

Thursday June 18, 2015 10:15 - 11:00
  Talk

11:00

Building and Maintaining Security Culture
In this talk Kai Roer will introduce the Security Culture Framework and explain how to plan and execute your security culture programmes. You will learn how to structure your security awareness work to align with, and strengthen your organizational culture. 

The talk is based on the book "Build a Security Culture" by the speaker. 
Speakers
avatar for Kai Roer

Kai Roer

Senior Partner, The Roer Group AS
Kai is a well known expert on security culture and behaviors. He is the creator of the free and open Security Culture Framework, the author of several books, a university guest lecturer in Europe and Asia, a Fellow to the National Cybersecurity Institute in Washington DC, and a Ron... Read More →

Thursday June 18, 2015 11:00 - 11:30
  Talk

11:30

Behavioral outcomes of security culture

This talk will address the effect of security culture on behavioral outcomes such as security awareness and behavior. To test the effect a measurement instrument was developed and empirically tested through a large empirical study including employees from 84 organizations. Implications for managers responsible for strategies to improve employees’ security behaviors will be discussed.
Speakers
WR

Waldo Rocha Flores

Consultant, EY
Waldo works at EY in Oslo where he is responsible for the behavioral information securitymanagement service. He has conducted research in behavioral information security at the Royal Institute of Technology (KTH), in Stockholm, Sweden. Waldo has published his research in a various conference... Read More →

Thursday June 18, 2015 11:30 - 12:00
  Talk

12:00

LUNCH
Yes! Time to fill the belly!
There is a lot of culture in food! Imagine what you eat normally, and compare that to food you know other people eat, food you would never try yourself! Share your thoughts with your peers during lunch!
Thursday June 18, 2015 12:00 - 12:45
  Mingle

12:45

Workshop: Creating Results with the Security Culture Framework
Limited Capacity seats available
We dig into the Security Culture Framework, and looks at how to understand the target audience, and crafting our message in a way that makes sense. We will use the Culture Diamond to build our understanding and to learn the different perspectives should consider when crafting our security awareness messages. 
The workshop is facilitated by Kai Roer, the creator of the Security Culture Framework.
Speakers
avatar for Kai Roer

Kai Roer

Senior Partner, The Roer Group AS
Kai is a well known expert on security culture and behaviors. He is the creator of the free and open Security Culture Framework, the author of several books, a university guest lecturer in Europe and Asia, a Fellow to the National Cybersecurity Institute in Washington DC, and a Ron... Read More →

Thursday June 18, 2015 12:45 - 14:45
  Workshop

12:45

Workshop: Measuring Security Culture
Limited Capacity seats available
Measuring employees’ actual security behaviors is a constant challenge for security managers
and consultants. The reason behind this is that it’s difficult to convince managers to participate 
in assessments where their employees’ actual security behaviors are being observed, e.g., 
phishing assessments. Hence, there is a need for complementary methods to be used to both 
asses security behaviors and, if needed, change behaviors. Scenario-based surveys have been 
proposed to assess actual behaviors. Using security scenarios relevant for the organization can 
raise discussions among employees triggering their cognitive processing which is pre-condition 
for learning and adapting to new behaviors. This workshop will discuss how observations of 
security behaviors can be performed using phishing e-mails, and how behavioral security 
scenarios can be developed and used to measure employees’ security behaviors. The aim is 
that the participants will be able to identify relevant threats, develop methods to measure the 
vulnerability related to those threats, and be able to communicate the results to key 
stakeholders of the organization.
Speakers
WR

Waldo Rocha Flores

Consultant, EY
Waldo works at EY in Oslo where he is responsible for the behavioral information securitymanagement service. He has conducted research in behavioral information security at the Royal Institute of Technology (KTH), in Stockholm, Sweden. Waldo has published his research in a various conference... Read More →

Thursday June 18, 2015 12:45 - 14:45
  Workshop

15:00

JUST EAT, a Security Culture story
  • Identifying goals and objectives. What are we trying to achieve?
  • Culture eats Strategy for Breakfast. Developing a program to change fundamental attitudes.
  • Maintaining Momentum. Keeping your audience interested.
  • Measuring Success. Didn't we do well (or not)
Speakers
avatar for Shan Lee

Shan Lee

Head of Information Security, JUST EAT PLC
I am passionate about promoting a Security Culture in what is a fast moving and rapidly expanding multinational environment. I have previously worked for a variety of organisations ranging from resellers to financial institutions and in my spare time I'm an insufferable Land Rover... Read More →

Thursday June 18, 2015 15:00 - 15:30
  Talk

15:30

Popping the Bubble

Now you’re thinking “Bubble?  You what…”

Let me explain.  My experience is that a lot of the time we security types - yes, you and me - don’t actually know what the rest of the departments within the business actually do on a day-to-day basis.  We know they exist and what their purpose is but we don’t appreciate their pain points.  We’ve all heard, way too many times, the quotation from Sun Tzu’s “The Art of War”: “If you know the enemy and know yourself you need not fear the results of a hundred battles.”

I would argue that a lot of us don’t know our own organisation as well as we should, let alone the enemy.

If we consider a typical enterprise organisation it will have departments such as HR, legal, sales, PR, marketing, accounts, IT and many others.  These all have their own objectives, their own stresses and strains and targets to meet – essentially they are in their own little bubble trying to do the best they can with what they have and more often than not information security is the last thing on their minds - So if we are all in our own little bubbles, how can information security departments be effective for their businesses?   

In this talk I’ll look at how you can step out of your bubble and help build more effective and positive relationships within your organisation.


Speakers
avatar for Mo Amin

Mo Amin

Independent InfoSec Consultant
Mo Amin is a London based information security professional. He started out in the world of desktop support where he honed his communication skills from there he transitioned into information security. Since then he has acquired a broad range of experience across the field ranging... Read More →

Thursday June 18, 2015 15:30 - 16:00
TBA
  Talk

16:00

Closing remarks
Closing remarks and thanks that are due! 
Speakers
avatar for Kai Roer

Kai Roer

Senior Partner, The Roer Group AS
Kai is a well known expert on security culture and behaviors. He is the creator of the free and open Security Culture Framework, the author of several books, a university guest lecturer in Europe and Asia, a Fellow to the National Cybersecurity Institute in Washington DC, and a Ron... Read More →

Thursday June 18, 2015 16:00 - 16:15
  Talk

18:30

EXTRA: A Cultural Experience of Dinner (Dinner Party)
Limited Capacity seats available
Dinner Ticket (Addon-Ticket)
In order to join the dinner, you either need a Conference Ticket with Dinner, or the extra Dinner Ticket. 
Special ticket required! 
An extra option: keep the dialogue going at the Farewell Dinner.

Experience the culture of food, with tales of how food is a vital part of our culture.  
Thursday June 18, 2015 18:30 - 21:00
  Farewell dinner