When it comes to cyber security, human-centric design can be used to create controls and processes that are more effective and easier to use for employees which in turn, increases education and awareness. Human-centric design involves understanding the behavior of the users who will be interacting with the controls and processes. By studying how employees interact with technology and identifying pain points and challenges, organizations can design more effective controls and processes that are easier to use and more likely to be followed.

For this session we are joined by Saleshni Sharma, Director, Regional Information Security Officer at Berkley Insurance. According to Saleshni, information security is closely related to risk appetite. The main role of any information security professional is to communicate risks effectively, whether it be business related, technology or personnel. “If we do this successfully 80% of the difficult part of our job is done”. Saleshni enjoys working in a high-performance and highly collaborative environment and with that in mind, our session will discuss: 

• Fostering a culture of cyber security that extends beyond the internal IT department. This includes training employees on cyber security best practices, establishing clear policies and procedures, and promoting cyber security awareness throughout the organization.
• Training and awareness: Human-centric design can also be used to design more effective training and awareness programs. By understanding how employees learn and retain information, organizations can design training programs that are more engaging and effective. This can help to increase employee knowledge and awareness of cyber security risks and best practices.
• Understanding user behaviour by providing context and feedback to help employees better understand the importance of cyber security controls and processes
• Simplifying processes to make them more intuitive and user-friendly which can help to reduce errors and increase compliance.