Add a Living Book to Your Security Awareness Events
Add Living Books to Your Next Security Awareness Event
What is a Human Library?
A Human Library is a technique to promote dialogue, information interchange, reduce prejudices, and encourage understanding. A Human Library consists of a group of individuals who have agreed to share their knowledge (i.e., information that’s in their head) with others. A Human Library can be a single event with defined start and end times or an ongoing activity where the Living Books come and go much like books are checked in and out from a conventional library.
To create a Human Library for security awareness, set up a space, such as a conference room, auditorium, or cafeteria where your "Living Books" are available for checkout. Living Books are people you have recruited for this event who have experiences of interest to your audience. Visitors to your library could check out the human books for 15 minutes at a time to speak informally and ask them questions about their experiences or how to address a particular problem.
The librarian is the person who organizes the Human Library event. The librarian recruits and interviews book candidates, then prepares a short description of the books for readers. The librarian may also provide readers with questions to get the conversations started.
The experiences that might increase security awareness in living books include:
- Victim of identity theft
- Computer gaming addict - "IRL - In Real Life" is an excellent, short documentary about the effects of World of Warcraft addiction, produced as part of a 3rd Year Film Production project at the University of the Creative Arts.
- Computer Incident Response Team member
- Penetration tester
- Social engineer
- Digital forensics expert
- Ethical hacker
- Help Desk staff member
- Biometric expert
- Reformed cyber bully
- Someone who lost their job as a result of something posted on the Internet
- Information System Security Officer
- Senior executive responsible for security policy
- Privacy expert
- Electronic Frontier Foundation member
- Information security blogger
- HIPAA expert
- Malware researcher
- Computer programmer
Living Books should be volunteers that are recruited with care to ensure that they are committed and are willing to talk with strangers about important and sometimes very personal issues. Recruit titles that can be linked with current events locally. For example, if a recent data breach resulted in compromised information, look for someone whose identity was stolen as a result.
Interview book candidates to ensure the quality of books. Ask the book about their title and motivation to be a book. This is to ensure that books are focused on supporting awareness.
Readers can check out a book for 15 minutes, and can extend that time if no one else is waiting to check out that book. Books can check out other books if no one is waiting.
There are no stupid questions. A reader can safely ask any question without fear of ridicule. A Human Library provides an opportunity to ask the information security questions you always wanted to ask, but were afraid that asking would make you appear naïve.
Idea: For security professionals who volunteer to be Living Books, perhaps there could be continuing education credits (for example, a CISSP might be able to apply the time toward the CISSP CPE credit requirement).
The best sellers are defined as the books that have the most requests for loans.
Ask books, readers, and librarians for their comments on their Human Library experience.
Ask the books if they would be a book again.
Ask if people felt that they benefited from the event.
Ask the books if they learned anything from the readers.
Share Your Thoughts
What books would you want to read?
What questions would you want to ask a Living Book?
Let us know - and we'll add your ideas to this article!