Digestable Risk Assessment: creating a security booklet to encourage secure thoughts, not just security tools
|Presenter(s)||Anqi Li, Michael Carbone|
|Title(s)||Design Lead, Manager of Security Education|
|2017 theme||Training & Best Practices|
Thursday, March 9, 6:15pm-7:15pm at Think Tank
We created an introductory risk assessment booklet, A First Look at Digital Security, which tries to get people into the security mindset, not just present tools. It is an attempt to walk non-tech people through a risk assessment without using the jargon of infosec to do it -- the booklet uses animal characters to think through some intimidating situations where vulnerabilities and risks are mitigated using particular practices.
We have pushed the content and design files to GitHub:
This session would present the booklet for feedback, expansion, and use. Some ideas include:
- There are currently four "security archetypes" and we hope to eventually have a rotating cast of about 10 or so -- always 4 in the booklet, but with the ability to switch profiles in and out based on the audience it is serving.
- Add some content for DIY self-assessment (or showing it more concretely for the characters), such as introducing the threat/assessment table, as used in SIAB or Holistic Security, or the Secure Communications Framework.
- Ways to better collaborate on a design-heavy guide.
We'd love your thoughts on what would be most helpful for an accessible and approachable guide to risk assessment -- the goal is to produce a successfully evolving document and thoroughly community-focused project.
|Target Groups||Software Developers, Security Trainers, Advocacy/Policy Professional, Front Line Activists|