cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Building a Culture of Cybersecurity - Have Your Voice Heard

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Building a Culture of Cybersecurity - Have Your Voice Heard

Re: Building a Culture of Cybersecurity - Have Your Voice Heard

Tim_ISC2
ISC2 Team

(ISC)² is assisting MIT’s Cybersecurity at MIT Sloan (CAMS) Research Consortium in collecting information for their research on building a cybersecurity culture.  You may have heard Dr. Pearlson on a recent (ISC)2 Think Tank Webcast in July where she shared her perspective on how successful organizations have developed a culture of cybersecurity.  She and her colleague Dr. Keman Huang are asking for your help to help them fine-tune their research with input from cybersecurity professionals.

 

The survey will ask your opinion about cybersecurity practices at your company.  It takes less than 10 min to complete and can be completely anonymous (or if you want to receive a copy of their results, you can provide your email). While your participation is completely voluntary, and you are not obligated to participate, it would help their research if they could collect your opinions and views on cybersecurity.  All of the data collected will be held confidential and no participant’s name will be used in any of the publications resulting from this survey.

 

If you'd like to participate in the survey, you can access it here

 

If you decide to participate, please complete at your earliest convenience.  Dr. Pearlson will be sharing the early results of the data they collect at a session she'll be presenting at the (ISC)² Security Congress in New Orleans this fall.

 

Please reach out directly to Dr. Pearlson (kerip@mit.edu) or Dr. Huang (keman@mit.edu) if you have any questions.

6 Comments
CISOScott
Community Champion

Thanks for bringing this to our attention. We need more studies like this to help us get the message of importance of cybersecurity across.

rslade
Influencer II

> Tim_ISC2 ((ISC)² Team) posted a new article in (ISC)² Updates on 08-02-2018

>   She and her colleague
> Dr. Keman Huang are asking for your help to help them fine-tune their research
> with input from cybersecurity professionals.   The survey will ask your opinion
> about cybersecurity practices at your company.  It takes less than 10 min to
> complete

I should have triggered on the word "opinion."

While I am generally more than willing to help with research, this is yet another opinion survey on what people think about security, or what they think about their company.  I fail to see how they are going to get anything useful out of this.

But, unless you obsess over your answers, it does take less than 10 minutes.

CISOScott
Community Champion

Yes @rslade the one thing I learned from my 4 years getting a BS degree is that you can make statistics lie for you, based on the questions you ask. "Is president (insert name) doing a good job or a great job?"  100% of people surveyed said our president is doing a good job, X% said he was doing a great job!

 

I filled out the survey and put my email in hoping they would contact me to discuss it further. I was hoping that others, like yourself, who have good ideas and experience to offer would do the same and even though the survey isn't perfect, perhaps the follow on conversations would be.

rslade
Influencer II
> CISOScott (Contributor III) mentioned you in a post! Join the conversation

> I was hoping that others, like yourself, who have good
> ideas and experience to offer would do the same and even though the survey
> isn't perfect, perhaps the follow on conversations would be.

Yeah, I left my address, but I'm not holding my breath about being contacted ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Patriotism is the Rohypnol of the American Public
- John Bender, http://bantha.cjb.net/john
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
kpearlson
Viewer

Just want to weigh in here...first, thank you to (ISC)2 for supporting our research.  We are very interesting in how companies build a cybersecurity culture.  Getting input from this community is going to help us further our research.  This is not being done automatically or by a robot.  Dr. Huang and I are real people with research backgrounds trying to use our skills to learn about cybersecurity culture.  Our plans are to collect as many responses from this community as we can, then to reflect back what we learn in a presentation/discussion at the Security Congress this fall.  

 

I see from some of the comments that there may be some concerns about our survey.  Thank you for raising them here so I can respond in a way that hopefully provides more transparency to our project.


We are researchers at MIT and we have many years of experience with research like this.  If you were able to attend the (ISC)2 ThinkTank Discussion in July, you might have heard about this project and/or the model upon which this survey is based.  If you want to know more, here's the link to a paper we have written about the model:  https://cams.mit.edu//wp-content/uploads/Profiling_the_organizational_Cybersecurity_culture.pdf    Here is the link to the ThinkTank discussion on this topic: https://www.isc2.org/en/News-and-Events/Webinars/ThinkTank 

 

We are asking for your opinion because we believe if we collect enough perspectives on culture, we will be able to make some insightful comments about how to build a cybersecurity culture.  We are using well-accepted research methodology and principles.  And our survey has been through a rigorous process at MIT for use with 'human subjects.'   Whether it provides any useful insights is yet to be seen (and that's why we are so excited to work with this group).  The more responses we collect, the better our results should be and the more useful our insights.  Happy that it has only taken less than 10 min to respond.  Good to have that confirmed.  

 

We do plan to reach out to everyone who gives us your email/contact info.  We may have additional questions as we start to analyze the data we collect, but at a minimum you will receive a copy of our findings.  But, of course, we won't have findings until the study is done and that will be a few months.

 

So if you have any additional concerns or questions, please feel free to post here and/or contact me directly at kerip@mit.edu.  I'll respond as quickly as I can.  Thank you in advance for supporting our work.  

kpearlson
Viewer

Dear (ISC)2 Community,

 

We are reaching back out to see if we can encourage you to help us with this research.  We have received 29 responses and we are hoping to get 100 or more responses from the group so we have a significant sample of data to use for our presentation at the Congress this fall.  Please give us your thoughts and opinions on your organization's cybersecurity culture here:   MIT cybersecurity culture survey

 

Thank you!

Keman and Keri

Cybersecurity at MIT Sloan Research Consortium

https://cams.mit.edu