Blog
GDPR and Security Culture in Europe
All forms of government intervention, such as legislation and regulation, are driven by the need to manage risk, and, where possible, leverage opportunity, for the perceived benefit of the state and its citizens. The European Union’s General Data Protection Regulation...
Facebook and GDPR – A Perfect Storm for Changing Security Awareness?
Something quite unique is taking place right now. A confluence of two unrelated events and news stories that together may have enough of an impact to help influence security awareness and behaviour. I'm firstly talking about the rapidly approaching May 25th deadline...
Bruce Hallas to Keynote at CRESTCon & IISP Congress Conference and Exhibition
We are pleased to announce that Bruce Hallas will keynote at CRESTCon and IISP Congress 2018, taking place on May 3rd in London. Now in its sixth year, CRESTCon and IISP Congress is a unique event that brings together leading technical and business information...
What can Security Training Learn from Behavioural Economics?
The discipline of Behavioural Economics provides one of the cornerstones of the SABC Framework for successfully influencing security awareness, behaviour and culture. In a recent interview with Professional Security Magazine, Marmalade Box founder, Bruce Hallas,...
Four Key Themes on Security Awareness, Behaviour and Culture from ISC2 Secure Summit, London
Back in December I shared the stage with Dr. Ciaran McMahon and Dr. Jessica Barker as we completed our 2017 grand tour of Europe delivering the Security ABC Workshop at ISC2 London. The workshops were really very well attended, with in excess of 100 CISSPs and non...
Are bad analogies killing your security training program? Bruce Hallas Interviewed for CSO Online
Bruce Hallas, along with former speechwriter to Bill Clinton and Re-thinking the Human Factor podcast guest John Pollack, was recently interviewed for an article on CSO Online. In it they talk about how security training and awareness campaigns often fail to change...
CISOs identify the human factor as their top threat
CISOs are worried and unhappy and it's the human factor in their organisations that's to blame. That’s pretty clear from a recent cross-sector survey of information security professionals by the Ponemon Institute. With over two-thirds thinking that their company would...
Behavioural Economics: When irrationality is the remarkably logical decision
The link between Behavioural Economics and the design of effective Security Awareness programmes may, at first, not be apparent. In fact, its theories and lessons have greatly impacted our work here at Marmalade Box. Let me explain. For two centuries, the idea that...
Security awareness – design with the goal in mind
In the information security sector, one of our main aims is to change, create or reinforce some specific behaviour. How well we do this depends largely on whether or not the 'product' we design meets the needs of our 'consumers'. Ineffective design results in...
Want to raise security awareness and influence behaviour? Get a personal brand
It’s 20 years since management guru Tom Peters coined the phrase ‘personal brand’ – the on-going process of managing our image to influence the way others think of us. Even if we don’t actively do this, we all have a personal brand by default. Like it or not, this is...
The world’s not one size. Why have a ‘one size fits all’ communications approach?
Clear communications are critical in business, probably more so today than ever before. Without them, things that should happen don’t, and things that shouldn’t happen do. In fact, poor communication with others is one of the major causes of project failure, according...
Do you have the right information security brand?
Branding is “the art of aligning what you want people to think about your company with what people actually do think about your company. And vice-versa,” says Jay Baer of digital marketing consultancy Convince & Convert. That seems a cogent description. But...