Awareness training was yesterday – awareness culture is today
This is how the message of the six speakers at the ISACA/IIS symposium 2025 on 21 January 2025 on the topic ‘The Human Factor in Information Security’ can be summarised.
‘Culture is how we do things,’ said Carolin Schneider, getting right to the heart of the matter. Milena Thalmann illustrated how people use their own well-trodden paths for the “how” and leave the safe paths behind. Stefan Rothenbühler provided a practical reality check of the dangers lurking on these paths and how people can operate on them, while Katja Dörlemann took a holistic approach. Lia Fey showed approaches to getting people to leave their beaten tracks and walk on the safe paths. Communication that takes into account the diversity of people is the key to motivation. Tim Geppert has researched the fact that awareness culture can not only be created but also measured. His research spans the arc from the recording of human behaviour in information security to practical application.
Florian Deumeland moderated the symposium for the second time. The concluding discussion once again delved into the topics of the day and made it clear that a security culture is the basis for ‘The Human Factor in Information Security’ and that this is independent of AI and technology.
Group picture with Florian Deumeland, Tim Geppert, Katja Dörlemann, Carolin Schneier,
Stefan Rothenbühler, Milena Thalmann (from left to right) and Lia Fey (on screen, remote)
Panel discussion chaired by Florian Deumeland