Cryptography gives us powerful and yet fragile information security controls. Strong confidentiality and authentication mechanisms are wonderful provided they are well designed, implemented, used, managed and maintained … but cryptographic controls have a nasty tendency of failing open, sometimes becoming spectacularly insecure - which is just one of the information risks associated with cryptography.
Since this is ‘only’ a security awareness module, we’ve avoided delving into the advanced mathematics that underpins cryptography, while at the same time giving enough information for the module to be both interesting and actionable. Cryptography is a complex, technical topic, for sure, but that's no reason for the awareness program to ignore it and hope for the best!
Even if you have the expertise and interest to research and prepare your own awareness materials, wouldn't you rather spend your valuable time interacting with your colleagues, spreading the word about information security and helping them see the light?
Talking of spending time in the organization, the train-the-trainer guide in the module offers guidance on how we envisage the materials being used, and offers a bunch of creative ideas to make your awareness program more interactive and, yes, fun. This month, there are some “crypto-toys” for workers to explore basic encryption mechanisms, hands-on, and the chance to mess around with medieval-style wax seals, not unlike those on our awareness posters every month. More than simply a design touch, they are a subtle historical reference to a physical form of information security, a tip o’ the hat to our predecessors.
No comments:
Post a Comment
The floor is yours ...