Lunch and discussion begin at 12:30 pm. No RSVP required from current Princeton faculty, staff, and students. Open to members of the public by invitation only. Please contact Jean Butcher at if you are interested in attending a particular lunch.

This talk is about ‘Security Awareness’, the buzzword that is being used to describe anything that prevents a human agent from engendering information security risk. All manners of institutions, governments, private corporations, and non-profits, are worried that no technical security solution is proof against a single human error. A single click can render everything, information, systems, and people, exposed. On the one hand there is a growing pessimism, is it possible to even measure let alone reduce the ‘human’ security risk? Simultaneously, the security awareness industry is increasing in size every year, with more companies on the market with ever more complex solutions to the ‘end-user’ problem.

Is the investment in security awareness worth it? This talk attempts to provide an answer. It draws from both academic literature and practitioner stories to provide an exhaustive picture of security awareness, why it is needed, where it fails, and what works.

Bio:

Vaibhav Garg is a Visiting Research Collaborator at CITP, the editor in chief of ACM Computers & Society, and a Director of Information Security at Visa Inc. His research lies at the intersection of information security, human behavior, and policy. The goal of his research is to understand how individuals assimilate security information, why they demonstrate specific security behaviors, and what is the impact on both organizational and public policy. He is currently working on a book on security awareness. Vaibhav holds a PhD in Security Informatics from Indiana University, Bloomington.