Rounds & Stops - A Security Awareness Tool

FISSEA Conference: 2018 Contest

Each year, the Federal Information System Security Educators' Association (FISSEA) sponsors a conference and a contest for security awareness and training materials. 2018 is the 31^st annual conference. This year's theme is "Hardening the Human: The Power of Cybersecurity Awareness and Training." The two-day conference is held at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland.

Contest entrants can show off their work in six categories, including security awareness posters and videos, newsletters, web sites, training scenarios, and motivational items. Here's our contest entry for 2018 Motivational Item.  (Update: March 14, 2018 - FISSEA chose the Rounds and Stops as the winner.)

A Security Awareness Tool for Personal Connection

Most security awareness materials are designed to reach as many people as possible – inspirational videos, compelling phishing training, or clever posters and banners.   But what is lacking is a personal connection – something that makes the individual feel that their personal behavior is being noticed (for better or for worse).  By transforming security awareness materials from mass marketing to personalized recognition, security educators are empowered to more convincingly change behavior while invoking a sense of involvement and recognition on the part of their audience.

This innovation provides security practitioners with a new and exciting tool to reach staff by “catching them doing something right” with a “round” of applause. Use the "stop signals" to offer specific feedback that is more likely to result in a friendly, but memorable, event that will help avoid risky security behavior in the future.

As you make your security rounds, conduct random walk-throughs and security tests and give out these two-sided security tokens (Rounds of Applause and Stop Signals) for specific security-related behaviors. One side identifies the behavior and the other side is the applause or stop sign.

Give Rounds of Applause for behaviors you want to encourage.  Let people exchange Rounds for fabulous prizes.  Likewise, Stop Signals that are turned in with ideas for how to prevent similar problems can also be exchanged for fabulous prizes.

For tests, try tailgating – or tell someone that you forgot your access/PIV/CAC card and ask that person to let you into a secure area. Or ask for sensitive information or their password (so you can fix a problem).  Remember, better you than an outsider.  Look for unattended devices, sensitive documents in the trash or in conference rooms after meeting, unattended logged-in computers, and passwords in plain sight.  Look for good behaviors as well – logged-off computers, clean desktops, people challenging strangers.

Security Rounds and Stops are made of varnished maple. They are 1.8 inches in diameter and 1/8 inch thick. We designed these in Adobe Illustrator and cut them on a 60-watt laser.

Rounds of Applause

We had help from Amira Armond of Kieri Solutions, LLC, G. Mark Hardy of National Security Corporation, Niomi Rosenberg, of Nomi Designs, LLC, and Bryan Walthall with feedback on the design for these motivational items.

Stop Signals

A Winning History

We've won the FISSEA motivational item contest:

• 2018 for security rounds and stops
• 2017 for security awareness coffee stirs
• 2016 with security awareness cupcake toppers (to get the party started)
• 2007 for security awareness calendars (Ask us for 2018 calendars, we make them available free on request every year)
• 2006 for security awareness memo pads
• 2005 for security awareness fortune cookies