Information Security Awareness, Training and Motivation — Native Intelligence, Inc.

Recommend this article:   Add to your del.icio.us    Digg This   Slashdot   GotNews   StumbledUpon   Reddit

Add Living Books to Your Next Security Awareness Event

What is a Human Library?

Add Living Books to your next security awareness event. A Human Library (offsite link to http://humanlibrary.org/) is a technique to promote dialogue, information interchange, reduce prejudices, and encourage understanding. A Human Library consists of a group of individuals who have agreed to share their knowledge (i.e., information that’s in their head) with others. A Human Library can be a single event with defined start and end times or an ongoing activity where the Living Books come and go much like books are checked in and out from a conventional library.

To create a Human Library for security awareness, set up a space, such as a conference room, auditorium, or cafeteria where your "Living Books" are available for checkout. Living Books are people you have recruited for this event who have experiences of interest to your audience.  Visitors to your library could check out the human books for 15 minutes at a time to speak informally and ask them questions about their experiences or how to address a particular problem.

Your Librarian

The librarian is the person who organizes the Human Library event. The librarian recruits and interviews book candidates, then prepares a short description of the books for readers. The librarian may also provide readers with questions to get the conversations started.

The experiences that might increase security awareness in living books include:

  • Victim of identity theft
  • Computer gaming addict (offsite link to http://www.youtube.com/watch?v=jrKjNwejhfg) "IRL - In Real Life" is an excellent, short documentary about the effects of World of Warcraft addiction, produced as part of a 3rd Year Film Production project at the University of the Creative Arts.
  • Computer Incident Response Team member
  • Penetration tester
  • Social engineer
  • Digital forensics expert
  • Hacker
  • Ethical hacker
  • Help Desk staff member
  • Biometric expert
  • Reformed cyber bully
  • Someone who lost their job as a result of something posted on the Internet
  • Information System Security Officer
  • Senior executive responsible for security policy
  • Privacy expert
  • Electronic Frontier Foundation member
  • Information security blogger
  • HIPAA expert
  • Malware researcher
  • Computer programmer

Guidelines

  • Living Books should be volunteers that are recruited with care to ensure that they are committed and are willing to talk with strangers about important and sometimes very personal issues. Recruit titles that can be linked with current events locally. For example, if a recent data breach resulted in compromised information, look for someone whose identity was stolen as a result.
  • Interview book candidates to ensure the quality of books. Ask the book about their title and motivation to be a book. This is to ensure that books are focused on supporting awareness.
  • Readers can check out a book for 15 minutes, and can extend that time if no one else is waiting to check out that book. Books can check out other books if no one is waiting.
  • There are no stupid questions. A reader can safely ask any question without fear of ridicule. A Human Library provides an opportunity to ask the information security questions you always wanted to ask, but were afraid that asking would make you appear naïve.


Metrics

  • The best sellers are defined as the books that have the most requests for loans.
  • Ask books, readers, and librarians for their comments on their Human Library experience.
  • Ask the books if they would be a book again.
  • Ask if people felt that they benefited from the event.
  • Ask the books if they learned anything from the readers.

What books would you want to read?

What questions would you want to ask a Living Book?


arrow Send your ideas and comments to Kaie at Native Intelligence dot com.

Comments:

Ruth Bandler of FDA suggested that if the Living Books could get continuing education credits (for example, a CISSP might be able to apply the time toward the CISSP CPE credit requirement), this would encourage volunteers.

 

Note: Native Intelligence, Inc. is not affiliated with The Human Library; we just think it’s a great idea that can be adapted for security awareness events.

Article by K Rudolph, CISSP, FITSI-M © Native Intelligence, Inc.  All rights reserved.

Posted: February 29, 2012