IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs


How we exclude people from information security (design), which takes away the overwhelmingly biggest threat-AND-vulnerability; how we need to ditch the top-down compliance approach; and how to do security bottom-up. KISS.


  1. Street Smart Solutions require Ditto Design. Behind the herd, or Before it goes wrong. Jurgen van der Vlugt, Amsterdam, 12 September 2013
  2. Introduction • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • ISSA, president NL chapter, member Ethics Committee • ISACA, NL board for Roundtables • Supranational organisation, IT audit • Maverisk Consultancy, IS Audit and Advisory services • KPMG, ABN AMRO, a host of others • ERM/ORM, (IS) Audit, (Info)Security • Yup: WIP, questions welcome
  3. Agenda • The masses • -less • … is dumb • Reactions • Guardrails • Simple but hard • Be Prepared
  4. The masses
  5. Mass-less: People-less Process & Technology
  6. Result: … is dumb
  7. (FUD)
  8. In short, you can screw up with impunity as long as you screw up like everybody else. (David Putnam in Seth Godin, The Icarus Deception, p. 203)
  9. Reactions
  10. Own Group First
  11. Response
  12. Range
  13. Radicals • (The extremist-bureaucratic ones) • Defectors (apostates) • ALWAYS • Belong! • Keep things fresh!
  14. Freedom through guardrails. Aristotle might say that we need rules to protect us from disaster. But at the same time, rules without wisdom are blind and at best guarantee mediocrity – forcing wise practitioners to become outlaws, rule-breakers pursuing a kind of guerrilla war to achieve excellence. Weick found that the longer the checklists for the wildland firefighters became, the more improvisation was shut down. Rules are aids, allies, guides, and checks. But too much reliance on rules can squeeze out the judgement that is necessary to do our work well. ... Better to minimize the number of rules, give up trying to cover every particular circumstance, and instead do more training to encourage skill and practical reasoning and intuition. (Schwartz and Sharpe, Practical Wisdom)
  15. Guardrails: Simple but hard. Be Prepared
  16. The right pressure; effective design • See through the dilemma • See the pressure from all four circles • Everything at the right scale • Encourage cooperation • Chance of getting caught ~ punishment • Choose general, reactive (?) • Beware of concentration Points of Failure • Everything transparent
  17. Pt > Dt + Rt (when Pt > 0); E = Dt + Rt (when Pt = 0) → zero-day exploits, or any unknown vectors. (Time-based security: Pt is the protection time a control buys, Dt the time to detect the attack, Rt the time to react; when protection is zero, the exposure E is the whole detection-plus-reaction window.)
  18. Agenda • The masses • -less • … is dumb • Reactions • Guardrails • Simple but hard • Be Prepared
  19. Hope you enjoyed the ride. That was all. Thank you.
  20. Thank you
  21. Contact details • Jurgen van der Vlugt • LinkedIn • Twitter @jvdvlugt • (G+, etc. etc.) Dogma: The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with Woodpecker, 1984)
  22. Reading material
  23. How to Stop
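The inequality on slide 17 is the time-based security rule (Winn Schwartau's Pt > Dt + Rt, with exposure E = Dt + Rt once Pt drops to 0). The Python below is an added worked example, not material from the deck or its author: it scores a few constructed scenarios (the hour figures are invented for illustration) to show how a zero-day zeroes out the protection term and leaves detection plus reaction time as the whole exposure window, and how a slow weekend detection dominates even when a second layer still holds, the "concentration point of failure" warning from slide 16. The assumption that protection times of sequentially defeated layers add up is the example's own simplification, not something the slide states.

```python
"""Worked example of the time-based security inequality on slide 17:
Pt > Dt + Rt, with exposure E = Dt + Rt when Pt = 0.

Added example; scenarios and hour figures are constructed illustrations,
not measurements from the talk or from any real environment.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Control:
    """A preventive layer the attacker must defeat before reaching the target."""
    name: str
    pt_hours: float                      # protection time this layer buys
    bypassed_by_zero_day: bool = False   # an unknown vector skips this layer entirely


@dataclass(frozen=True)
class Scenario:
    name: str
    controls: Tuple[Control, ...]        # layers in the order the attacker meets them
    dt_hours: float                      # detection time of the best-placed sensor
    rt_hours: float                      # reaction time from alert to effective containment
    zero_day: bool = False               # the attack uses a vector the layers do not know


def protection_time(s: Scenario) -> float:
    """Pt for the whole stack. Assumption of this example: layers are defeated
    one after another, so their protection times add up; a layer that a
    zero-day bypasses contributes nothing."""
    return sum(
        0.0 if (s.zero_day and c.bypassed_by_zero_day) else c.pt_hours
        for c in s.controls
    )


def exposure_hours(s: Scenario) -> float:
    """E = max(0, Dt + Rt - Pt): the window in which the attacker is already
    through and the defenders have not yet contained anything. With Pt = 0
    this is exactly Dt + Rt, the zero-day case on the slide."""
    return max(0.0, s.dt_hours + s.rt_hours - protection_time(s))


def is_secure(s: Scenario) -> bool:
    """The slide's condition: protection must outlast detection plus reaction."""
    return protection_time(s) > s.dt_hours + s.rt_hours


def evaluate(scenarios) -> Dict[str, dict]:
    """Per-scenario summary so the terms can be compared side by side."""
    return {
        s.name: {
            "pt": protection_time(s),
            "dt_plus_rt": s.dt_hours + s.rt_hours,
            "exposure": exposure_hours(s),
            "secure": is_secure(s),
        }
        for s in scenarios
    }


# Constructed layers. The edge appliance only stops what it recognises, so an
# unknown vector walks straight through it; endpoint detection is assumed to
# watch behaviour rather than signatures and therefore still slows a zero-day.
EDGE = Control("patched edge appliance", pt_hours=72.0, bypassed_by_zero_day=True)
EDR = Control("endpoint detection and response", pt_hours=24.0)

SCENARIOS = (
    # Known vector, office hours: both layers hold, SOC detects in 4h, contains in 8h.
    Scenario("known vector, office hours", (EDGE, EDR), dt_hours=4.0, rt_hours=8.0),
    # Zero-day against a site whose only layer is the edge appliance: Pt = 0, E = Dt + Rt.
    Scenario("zero-day, single layer", (EDGE,), dt_hours=4.0, rt_hours=8.0, zero_day=True),
    # Zero-day on Friday evening with EDR behind the edge; nobody reads the alert
    # until Monday (Dt = 48h), so the surviving 24h of protection is not enough.
    Scenario("zero-day, weekend", (EDGE, EDR), dt_hours=48.0, rt_hours=8.0, zero_day=True),
)


if __name__ == "__main__":
    for name, r in evaluate(SCENARIOS).items():
        print(f"{name:28s} Pt={r['pt']:5.1f}h  Dt+Rt={r['dt_plus_rt']:5.1f}h  "
              f"E={r['exposure']:5.1f}h  secure={r['secure']}")
```

The point the numbers make is the one the slide makes: once Pt is 0 there is no protection setting left to tune, and the only levers that shrink the exposure window are Dt and Rt, which is why the deck puts detection, response and preparedness ahead of ever-longer preventive checklists.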