Cyber-Partnering: Crafting security culture

Thursday 28 November, 10:15 am - 10:55 am

Speakers

Lynore Close


Manager
Scyne Advisory

Synopsis

Cyber security remains a significant challenge for organisations, with teams often operating with limited resources. To address this issue, an alternative method is proposed: engaging non-cyber stakeholders in the cybersecurity process using the co-design framework.

As cyber threats become increasingly sophisticated, the need for adaptive security strategies is more critical than ever. This presentation will explore the concept of co-design for cybersecurity professionals. In short, co-design can be defined as: “Co-design involves collaborating with a diverse team to identify and understand problems, develop solutions, and test their implementation to improve outcomes and experiences.”

A co-design framework that integrates technical expertise with human dynamics will be introduced, highlighting that fostering sustainable and robust solutions between technical and non-technical teams is important for crafting effective cybersecurity strategies. By shifting from a survival-oriented to a proactive cybersecurity mindset, organisations, teams, and individuals can thrive even in resource-limited environments. Individuals become agents of change, and collaborative knowledge sharing among diverse stakeholders becomes essential.

The presentation will cover practical strategies for implementing co-design in cybersecurity, addressing both technological and organisational challenges. This framework offers actionable strategies for effectively incorporating a co-design approach into cybersecurity policy, procedures and practices.

A case study will demonstrate how the co-design framework can be used to implement a simple yet complex password policy for an enterprise organisation that has different stakeholder requirements (e.g. a developer, non-technical end user, CISO, Legal and HR personnel) and conflicting technical controls (e.g. NIST, ISO 27001, CIS Controls, PCI DSS) through the phases of:

- pre-design: understand people’s experiences in the context of their lives: past, present, and future

- generative: produce ideas, insights, and concepts that may then be designed and developed

- evaluative: assess, formatively or summatively, the effect or the effectiveness of products, spaces, systems, or services

- post-design: investigate how people actually experience the product, service, or space

This presentation aims to illustrate the tangible benefits of integrating co-design into cybersecurity practices. 

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.
