Innovation awareness
After a weekend on the farm, I'm back to the day-job, preparing April's awareness module on 'security innovation'.
The scope of this module is becoming clearer day-by-day. Two perspectives, in particular, stand out because of their relevance to information risk and security. Here's a scope/introductory slide from the staff seminar:
First there's the invention and creativity angle, including the creation, exploitation and protection of intellectual property. We have covered Intellectual Property Rights several times already so we could dip into the library of content for something suitable to repurpose this month. However I brought up patent trolls a few days ago, a new topic that avoids regurgitating old content. We can refer to IPR in general terms without going into detail, then expand a little on patent trolls.
Secondly, there's the issue of both driving and responding to changes. Again, we've covered change management before so there may be general background stuff in our awareness library we can dust off. This time we're focusing specifically on risk and security changes involving or brought about by technology and social innovations, though, so here too we will be creating brand new content just for this module.
This is par for the course for us. None of the security awareness topics in our bulging portfolio is truly static although admittedly some are more mature than others. In practice, we always find novel perspectives to explore, even for the more stable ones - such as the annual malware topic spawning ransomware this year. Since the world has moved on since we last covered them, there are invariably new issues and incidents to report too. It keeps us on our toes and avoids the awareness materials becoming stale.
Our monthly cycle was innovative when we launched it back in 2003. I've noticed a few other awareness suppliers toying with periodic updates from time to time since then, the periods ranging from 1 week to 1 year or more. Several produce regular newsletters with an assortment of current news, although most only cover tech "cybersecurity" issues and don't provide enough context or explanation for the general security awareness audience. It still feels right to me to focus on a different information risk and security-related topic every calendar month, and to take a deliberately broad perspective with unusual topics such as ... 'security innovation'. An added bonus is that it makes researching and preparing the materials more satisfying for those of us with a short attention span and perfectionist nature. Generally speaking, the last week of any month is a slog but the anticipation of a short break before moving on to the next topic motivates us to get the module finished and delivered.
Our monthly cycle was innovative when we launched it back in 2003. I've noticed a few other awareness suppliers toying with periodic updates from time to time since then, the periods ranging from 1 week to 1 year or more. Several produce regular newsletters with an assortment of current news, although most only cover tech "cybersecurity" issues and don't provide enough context or explanation for the general security awareness audience. It still feels right to me to focus on a different information risk and security-related topic every calendar month, and to take a deliberately broad perspective with unusual topics such as ... 'security innovation'. An added bonus is that it makes researching and preparing the materials more satisfying for those of us with a short attention span and perfectionist nature. Generally speaking, the last week of any month is a slog but the anticipation of a short break before moving on to the next topic motivates us to get the module finished and delivered.