Information Security Awareness

  • CABEZON
  • Classic approach
  • Phishing is a two-phase scam: first the bank is impersonated, then the customer is impersonated.
  • "The Herald of Free Enterprise"
  • WHO WAS GUILTY FOR THE SINKING?
  • Employee: not measurable, can only be based on experience -> avoid rotation
  • Check Wikipedia for the Milgram experiment, the Asch experiment and the Kitty Genovese case
  • Example: "choose passwords that nobody who knows you would guess"

    1. Beyond Awareness (23 February 2006, Infosecurity Iberia 2006)
    2. Awareness (22 March 2006, Infosecurity Iberia 2006)
    3. Awareness
       • Best practices.
       • Compliance with policies.
       • Risks.
       • Teach to
       • Know and understand.
    4. Awareness
       • Teach.
       • Convince.
       • Motivate.
    5. Threats
    6. Human Threats
       • Fraud.
       • Scams.
       • Corruption.
       • Blackmail.
    7. Human Threats
       • Tailgating.
       • Uncontrolled visitors.
       • Mail or phone information requests.
       • Forgotten documents in printers, fax machines, etc.
       • Trust in uniforms.
    8. Technical Threats
       • The user must reach where systems can't.
       • Hoax, spam, virus, phishing, spyware.
       • Backup copies.
       • Authentication sharing.
       • Undeleted discarded information.
       • ...but systems should help.
    9. Errors
    10. Errors
    11. Errors 180
    12. Errors
       • An automatic signal for open doors was requested, but not granted.
       • The person who had to close the doors was sleeping.
       • The official who had to check the doors couldn't do it; they were short of personnel and was busy doing something else.
       • The boat was designed for a different route, so the ramp was too high. For this reason it was ballasted, and the ballast wasn't drained because they were short of time.
       • As they were short of time, the captain started at full throttle, which caused the wave that sank the boat.
    13. Errors
       • Who was guilty for the sinking?
       • NONE OF THE ABOVE.
       • THE MANAGERS who put the crew in a position where human error was possible and likely.
    14. Irrationality
    15. Attitude
       • Honesty.
       • Loyalty.
       • Professional attitude.
       • Healthy skepticism.
    16. Irrationality
       • Lottery.
       • Milgram and Asch experiments:
       • Respect for authority.
       • Uncontested obedience.
       • Response to group pressure.
       • Uniforms.
       • Conformism.
       • Kitty Genovese case.
       • You are more likely to stick to your decisions if you make them public.
    17. Information
    18. Inform
       • "When I hear, I forget, when I see, I remember, when I do, I learn" Confucius (551-479 BC)
       • Positive messages are remembered better than negative ones.
       • Two frequent errors:
         • Too much information.
         • Information too technical.
    19. Inform
       • Communication media.
       • Posters.
       • Mails.
       • Meetings.
       • Etc.
    20. Tuition
    21. Tuition
    22. Tuition
    23. Tuition
       • Check the message reached the other end.
       • Exams.
       • Surveys.
       • Results.
    24. Motivation
    25. Motivation - Rewards
       • Unpleasant actions: they are better performed without a reward or with a small one.
       • Pleasant actions: motivation is lost if they are rewarded.
       • Rewards:
         • Material ones.
         • Acknowledgement from your peers.
    26. Motivation - Punishment
       • They are more effective the more likely they are, not the more severe they are.
       • Punishments:
         • Material.
         • Losing face.
    27. Motivation - Persuasion
       • It is far more likely someone will do something if it is felt as his or her own will.
       • It is more likely an action will be taken if we believe in it.
       • To persuade is more difficult than to reward or punish, but far for difficult.
    28. Responsibility
    29. Responsibility
    30. Responsibility
       • Understand the distribution of responsibilities.
       • Assume your own responsibility.
       • Establish barriers for information gathering and collusion.
    31. Responsibility
       • Transparency.
       • Partitioning.
       • Separation.
       • Rotation.
       • Supervision.
    32. Measurement
    33. Measurement
       • Information – Activity.
       • Tuition – Surveys.
       • Trust – (not possible)
       • Behaviour – Trials, practice.
    34. Summary
       • Inform.
       • Teach.
       • Motivate.
       • Manage.
       • TPSRSR.
    35. Information Security that makes Business Sense
       • inovement.es/oism3
       • Web: www.inovement.es
       • Video Blog: youtube.com/user/vaceituno
       • Blog: ism3.com
       • Twitter: twitter.com/vaceituno
       • Presentations: slideshare.net/vaceituno/presentations
       • Articles: slideshare.net/vaceituno/documents
    36. THANKS
