I’ve noticed an uptick in online discussions about information security and privacy awareness ideas. I don’t know what provoked the increased buzz, but I’m happy to see it, and more sincere consideration of actually doing activities to truly raise awareness.
I’ve been providing awareness communications and activities to organizations for twenty-five years, and have written a couple of books on the topic, and one of the most effective, and fun for participants, awareness raising activities is showing a movie that includes information security and or privacy concepts, and then having a discussion afterwards about those concepts and how they can apply not only at work, but also at home.
Many movies, including popular box office hits and television programs, contain story lines and details that you will find helpful for your information security and privacy education efforts. Some may work well within an organization, while others may not be at all suitable for your business environment.
For example, explicit language and visuals may be present in some of these and not appropriate for certain business environments. Also, some of these movies were widely panned by security critics as not representing reality well at all. In such cases it is a great awareness tool to view such a movie with your target audience and analyze what information is good, and what information would not be feasible in the real world. Just use care and caution when considering which films to show.
There are so many movies to choose from! I provide an entire section in my book listing them. I don’t have a favorite, though; I like many of them. And some, such as Blackhat (2015), Wreck-It Ralph (2012), I, Robot (2004), The Net (1995), Sneakers (1992), and WarGames (1983) are often pointed to as good movies to show for information security awareness. And sure, they are. But let’s go beyond the most obvious. Here are a few others, possibly not as widely known, that I’ve used for awareness events that have resulted in great discussion of the associated concepts afterwards by those in attendance.
- For Privacy: The Final Cut (2004) with Robin Williams. This is a movie about how memory implants have become de rigueur for every person. They will record every moment of every person’s life. And at the end of life, special morticians called “cutters” will then edit the histories of people before they show the memories of the deceased to their survivors at the funeral. This film considers the consequences of learning dark, horrible activities that the deceased participated in, and also shows how a significant portion of the population protests the use of the memory implants and go to great lengths to try and surgically bypass them. Particularly interesting discussions can be had with this movie about privacy and ethics, especially now considering all the Right to Be Forgotten discussions that are occurring and laws being implemented throughout the world.
- For Computer Security: The Billion Dollar Bubble (1978) with James Woods. This tells the tale of how changes to computer code covered up a $200 million fraud, and is based on the true story of the Equity Funding Corporation of America fraud. The concepts and lessons are still as applicable today as they were over fifty years ago. I’ve used this movie to point out all the areas where basic security controls were lacking, and where there were not enough checks and balances (e.g., logging, separation of duties, etc.) to catch the fraud from the beginning. This is an especially great movie to show to your IT, Information Security and Internal Audit departments.
- For the Internet of Things Security, Privacy and Safety: The Brave Little Toaster (1987) and The Brave Little Toaster to the Rescue (1997). Yes, these are animated, but don’t let that stop you. These movies are about how electric appliances work together to defeat evil situations. They talk about computer security concepts throughout the entire movies. Backups? You’d be silly not to make them! Viruses? They’re everywhere! And they also show sharing code with each other, and using the commands from one appliance to another. Hmm. Cortana, can you tell Alexa to tell Nest to open the door when the drone gets here to deliver our groceries? Yep; the concepts are almost more relevant today than 28 years ago. I showed them to a small group of developers and systems engineers a couple of years ago, and I had to keep pausing throughout because they would say things like, “Hey; wait a minute. We could create devices to do that! Consider if…” and then they would brainstorm on how to make the devices communicate to each other, to autonomously take actions, and then consider the associated security and privacy risks they’d need to mitigate.
Clearly one or more of these movies will not work in some organizations. However, in others they will be a raging success, and will give information security and privacy practitioners a chance to discuss important concepts in a fun and interactive activity. Use your common sense, go forth, succeed, “live long and prosper”!
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
Tags: Dell, Information Security, IT compliance, policies and procedures, power more, privacy, privacy professor, privacyprof, risk management, security awareness, security training Rebecca Herold, toprank