Introduction
Please note that this first version of the English manual was created by machine translation from the Dutch version on September 10, 2024.
The Canvas Method for Information Security is a workshop-based approach through which teams learn to recognize and address information security risks in their work and work environment. This is important because 80% of data breaches can be traced back to human actions.
In a structured dialogue, concerns and perceived risks are explicitly identified, and risk-reducing measures are recognized and made measurable. Teams become aware of their own responsibility for information security and privacy, and develop ownership.
The result is a significantly increased risk awareness among employees and the internalization of policies within business processes.
The Canvas Method implements a PDCA cycle for the continuous improvement of information security and privacy, thus fulfilling an important part of NIS 2, GDPR, and ISO 27001. The Canvas Method easily integrates with existing management systems within the organization.
Here's a short video highlighting the use of the Canvases in the domain of information security.
Website: https://canvasmethod.org
Contributions
Like all materials, this guide for the Canvas Method is published under Creative Commons (CC BY-SA 4.0). Contributions and suggestions for improvement are encouraged! You can contribute via GitHub or by sending an email to richard@thinkingsecurity.works.