SlideShare a Scribd company logo

Carrot stick-consequences-app secdc-2010

Download as KEY, PDF
O
orcus666

"The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform" Presentation by Benjamin Tomhave at OWASP 2010 AppSec DC Cofnerence. Uploading here for non-mac users. (http://www.owasp.org/index.php/The_Unintended_Consequences_of_Beating_Users_with_Carrot_Sticks:_Radical_Thoughts_on_Security_Reform)

TechnologyBusiness
1 of 57
The Unintended Consequences of Beating Users with Carrot Sticks Radical Thoughts on Security Reform Benjamin Tomhave, MS, CISSP 11/11/10 - AppSecDC 2010
The Falcon’s View http://www.secureconsulting.net/ @falconsview
Quick Definitions & Background
• Positive • Encouraging • Motivating
• Indemnification • Reduced premiums • Praise / Celebration • Bribe vs Reward
• Negative • Punishing • (de?)Motivating
• Regulations • HIPAA and PKI • PKI in general • Some security programs
Consequences (Intended / Unintended)
Impact • Positive • Negative • Neutral
Story: Airline Seatbelts • Seatbelts on taxi... • Seatbelts in the air... • Consequences?
Uncertainty • Not talking Heisenberg... • In infosec... measured much lately? • How well do we know ourselves?
Peltzman Effect
! Decision
Uncertainty Applies! :( ? ! Action :| Decision ! :) Consequence Impact
Unintended Consequences • Fines vs Safe Harbor • Mindlessly strict policies • Ubiquitous encryption • Humiliation vs Enablement
Sidebar: Education, NCLB, & Enablement • Enablement culture • Training vs Education • How do you measure teacher performance?
"Careful. We don't want to learn from this." -Bill Watterson
Psychology & The Human Paradox Gap
What’s the Problem? • Does society as a whole "get it"? • How about your entire organization? • How about everyone in this room?
Sidebar: FishNet Report • Decision-makers say top spend priorities are firewalls, AV, authN, and anti-malware. • Same people say top threats are mobile computing, social networks, and cloud. h/t: http://1raindrop.typepad.com/1_raindrop/2010/10/reconcile-this.html
Sidebar: FishNet Report • Decision-makers say top spend priorities are firewalls, AV, authN, and anti-malware. WTF?!?!? • Same people say top threats are mobile computing, social networks, and cloud. h/t: http://1raindrop.typepad.com/1_raindrop/2010/10/reconcile-this.html
On... BIAS
On... BIAS "If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way.” --Bertrand Russell
On... BIAS "Facts are meaningless. You could use facts to prove anything that's even remotely true!" --Homer Simpson
*The Human Paradox Gap Image Source: http://www.theninjacamp.com/lifestyle/lifestyle.html *HPG: Credited to Michael Santarcangelo www.securitycatalyst.com/learn
Uncertainty Applies! :( ? ! Action :| Decision ! :) Consequence HPG: Distance Impact between Action & Impact.
More on HPG... • Tew: “The key to success is massive failure.” • In engineering, failure teaches lessons! • If there’s no connection between action and impact, then what’s the motivation for change?
Recent Research
From IEEE Computer... • Social pressure is useful • Intent to comply is vital • Sanctions better than rewards By Mikko Siponen , Seppo Pahnila , M. Adam Mahmood Issue Date: February 2010, pp. 64-71
Additional Thoughts... • Ultimately about narrowing HPG • Visibility, ease of compliance key • Rewards overused, depreciated?
From Click-It or Ticket... • Seat belt use increased over time • Increased perception of enforcement • Favorable attitudes Source: Lance Spitzner, http://www.securingthehuman.org/blog/ticket-or-click-it/
Some Thoughts... • HPG was narrowed • Correlated vs Causal • What about generational changes? • What about other programs?
On... STATISTICS
On... STATISTICS "Do not put your faith in what statistics say until you have carefully considered what they do not say." --William W. Watt
On... STATISTICS "There are three kinds of lies: lies, damned lies and statistics." --Leonard H. Courtney (misattributed by Samuel Clemens to Disraeli)
On... FRAMING
On... FRAMING "The greatest challenge to any thinker is stating the problem in a way that will allow a solution." --Bertrand Russell
On... FRAMING "Living in a vacuum sucks." --Adrienne E. Gusoff
Key Topics
Policies • Not all policies are equal! • “Best” practices? • What about process? • What’s the objective?
Awareness Training • “Best” practices? • Closing the HPG? • Just annually? • Measuring success?
Survivability & Sustainability • Engineer for • Optimize for resilience growth! • Expect failures • Green -> Blue
Sidebar: Survivability • Hoff’s 3 Rs: • Resistance • Recognition • Recovery • Defensibility & Recoverability • Civilization: West vs. East
Integrated Security Practices • Build security in... • Add to job descriptions... • Part of performance... • Do you really need a dedicated security team?
Risk Management + Threat Modeling • Evidence-based & quantitative risk • Threat modeling w/ scenarios • Business processes!
On... APPROACHES
On... APPROACHES "Tradition is what you resort to when you don't have the time or the money to do it right." --Kurt Herbert Alder
R Y M A Success Strategies U M S
1. Narrow the HPG
2. Model Success
3. Culture Change
4. Sensible & Automatic
5. More Carrots
6. Build Security In
7. Go Blue: Sustainability
END. Ben Tomhave @falconsview btomhave@geminisecurity.com http://www.secureconsulting.net/

Recommended

Marcus Ranum on Bad Idea Zombies
Marcus Ranum on Bad Idea Zombies Marcus Ranum on Bad Idea Zombies
Marcus Ranum on Bad Idea Zombies
David Strom
 
Brighttalk outage insurance- what you need to know - final
Brighttalk outage insurance- what you need to know - finalBrighttalk outage insurance- what you need to know - final
Brighttalk outage insurance- what you need to know - finalAndrew White
 
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Sandra (Sandy) Dunn
 
GrrCON 2018: Stop boiling the ocean!
GrrCON 2018: Stop boiling the ocean!GrrCON 2018: Stop boiling the ocean!
GrrCON 2018: Stop boiling the ocean!
Joel Cardella
 
How Four Cognitive Biases Deceive Analysts and Destroy Actionability
How Four Cognitive Biases Deceive Analysts and Destroy ActionabilityHow Four Cognitive Biases Deceive Analysts and Destroy Actionability
How Four Cognitive Biases Deceive Analysts and Destroy Actionability
Eric Garland
 
Big Data Berlin – Automating Decisions is the Next Frontier for Big Data
Big Data Berlin – Automating Decisions is the Next Frontier for Big DataBig Data Berlin – Automating Decisions is the Next Frontier for Big Data
Big Data Berlin – Automating Decisions is the Next Frontier for Big Data
Lars Trieloff
 
Lsc session
Lsc sessionLsc session
Lsc sessionJim "Brodie" Brazell
 
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
Eric Garland
 

Recommended

Marcus Ranum on Bad Idea Zombies
Marcus Ranum on Bad Idea Zombies Marcus Ranum on Bad Idea Zombies
Marcus Ranum on Bad Idea Zombies
David Strom
 
Brighttalk outage insurance- what you need to know - final
Brighttalk outage insurance- what you need to know - finalBrighttalk outage insurance- what you need to know - final
Brighttalk outage insurance- what you need to know - finalAndrew White
 
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating WarriorBanning Whining, Avoiding Cyber Wolves, and Creating Warrior
Banning Whining, Avoiding Cyber Wolves, and Creating Warrior
Sandra (Sandy) Dunn
 
GrrCON 2018: Stop boiling the ocean!
GrrCON 2018: Stop boiling the ocean!GrrCON 2018: Stop boiling the ocean!
GrrCON 2018: Stop boiling the ocean!
Joel Cardella
 
How Four Cognitive Biases Deceive Analysts and Destroy Actionability
How Four Cognitive Biases Deceive Analysts and Destroy ActionabilityHow Four Cognitive Biases Deceive Analysts and Destroy Actionability
How Four Cognitive Biases Deceive Analysts and Destroy Actionability
Eric Garland
 
Big Data Berlin – Automating Decisions is the Next Frontier for Big Data
Big Data Berlin – Automating Decisions is the Next Frontier for Big DataBig Data Berlin – Automating Decisions is the Next Frontier for Big Data
Big Data Berlin – Automating Decisions is the Next Frontier for Big Data
Lars Trieloff
 
Lsc session
Lsc sessionLsc session
Lsc sessionJim "Brodie" Brazell
 
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
How to Spot and Cope with Emerging Transitions in Complex Systems for Organiz...
Eric Garland
 
Massive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience DesignMassive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience Design
gsmith
 
Social Information Architecture
Social Information ArchitectureSocial Information Architecture
Social Information Architecture
gsmith
 
Business Reasons for Predictive Applications
Business Reasons for Predictive ApplicationsBusiness Reasons for Predictive Applications
Business Reasons for Predictive Applications
Lars Trieloff
 
Designing with a biased mind
Designing with a biased mindDesigning with a biased mind
Designing with a biased mind
Nitin Ramrakhyani
 
Decision-Taking
Decision-TakingDecision-Taking
Decision-Taking
Manage Train Learn
 
Evolving it security Threats and Solutions
Evolving it security Threats and SolutionsEvolving it security Threats and Solutions
Evolving it security Threats and Solutions
University of Hertfordshire
 
I got 99 problems but tech aint one
I got 99 problems but tech aint oneI got 99 problems but tech aint one
I got 99 problems but tech aint one
Nirmal Mehta
 
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Lars Trieloff
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
Evan Francen
 
How to get value out of data
How to get value out of dataHow to get value out of data
How to get value out of dataLars Trieloff
 
Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)
Rob Fry
 
Creating a Technology Disaster Plan
Creating a Technology Disaster PlanCreating a Technology Disaster Plan
Creating a Technology Disaster Plan
Legal Services National Technology Assistance Project (LSNTAP)
 
The Stadium Business - Technology of Engagement
The Stadium Business - Technology of EngagementThe Stadium Business - Technology of Engagement
The Stadium Business - Technology of Engagement
University of Hertfordshire
 
Human Element In Security
Human Element In SecurityHuman Element In Security
Human Element In Security
Vineet Sood
 
Automated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data BrusselsAutomated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data Brussels
Lars Trieloff
 
Net Gen Norms
Net Gen NormsNet Gen Norms
Net Gen Norms
Phil Macoun
 
Work or Play
Work or PlayWork or Play
Work or Play
University of Hertfordshire
 
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
University of Hertfordshire
 
CSA Fall Summit 2017
CSA Fall Summit 2017CSA Fall Summit 2017
CSA Fall Summit 2017
Chad Hoffmann
 
Smartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply ChainSmartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply ChainLars Trieloff
 
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
Ben Tomhave
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 

More Related Content

What's hot

Massive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience DesignMassive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience Design
gsmith
 
Social Information Architecture
Social Information ArchitectureSocial Information Architecture
Social Information Architecture
gsmith
 
Business Reasons for Predictive Applications
Business Reasons for Predictive ApplicationsBusiness Reasons for Predictive Applications
Business Reasons for Predictive Applications
Lars Trieloff
 
Designing with a biased mind
Designing with a biased mindDesigning with a biased mind
Designing with a biased mind
Nitin Ramrakhyani
 
Decision-Taking
Decision-TakingDecision-Taking
Decision-Taking
Manage Train Learn
 
Evolving it security Threats and Solutions
Evolving it security Threats and SolutionsEvolving it security Threats and Solutions
Evolving it security Threats and Solutions
University of Hertfordshire
 
I got 99 problems but tech aint one
I got 99 problems but tech aint oneI got 99 problems but tech aint one
I got 99 problems but tech aint one
Nirmal Mehta
 
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Lars Trieloff
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
Evan Francen
 
How to get value out of data
How to get value out of dataHow to get value out of data
How to get value out of dataLars Trieloff
 
Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)
Rob Fry
 
Creating a Technology Disaster Plan
Creating a Technology Disaster PlanCreating a Technology Disaster Plan
Creating a Technology Disaster Plan
Legal Services National Technology Assistance Project (LSNTAP)
 
The Stadium Business - Technology of Engagement
The Stadium Business - Technology of EngagementThe Stadium Business - Technology of Engagement
The Stadium Business - Technology of Engagement
University of Hertfordshire
 
Human Element In Security
Human Element In SecurityHuman Element In Security
Human Element In Security
Vineet Sood
 
Automated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data BrusselsAutomated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data Brussels
Lars Trieloff
 
Net Gen Norms
Net Gen NormsNet Gen Norms
Net Gen Norms
Phil Macoun
 
Work or Play
Work or PlayWork or Play
Work or Play
University of Hertfordshire
 
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
University of Hertfordshire
 
CSA Fall Summit 2017
CSA Fall Summit 2017CSA Fall Summit 2017
CSA Fall Summit 2017
Chad Hoffmann
 
Smartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply ChainSmartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply ChainLars Trieloff
 

What's hot (20)

Massive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience DesignMassive Failure: What Disasters Can Teach Us About Experience Design
Massive Failure: What Disasters Can Teach Us About Experience Design
 
Social Information Architecture
Social Information ArchitectureSocial Information Architecture
Social Information Architecture
 
Business Reasons for Predictive Applications
Business Reasons for Predictive ApplicationsBusiness Reasons for Predictive Applications
Business Reasons for Predictive Applications
 
Designing with a biased mind
Designing with a biased mindDesigning with a biased mind
Designing with a biased mind
 
Decision-Taking
Decision-TakingDecision-Taking
Decision-Taking
 
Evolving it security Threats and Solutions
Evolving it security Threats and SolutionsEvolving it security Threats and Solutions
Evolving it security Threats and Solutions
 
I got 99 problems but tech aint one
I got 99 problems but tech aint oneI got 99 problems but tech aint one
I got 99 problems but tech aint one
 
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
Data Natives 2015: Predictive Applications are Going to Steal Your Job: this ...
 
Managing Risk or Reacting to Compliance
Managing Risk or Reacting to ComplianceManaging Risk or Reacting to Compliance
Managing Risk or Reacting to Compliance
 
How to get value out of data
How to get value out of dataHow to get value out of data
How to get value out of data
 
Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)Security Operations as a Video Game (Bsides Vancouver 2019)
Security Operations as a Video Game (Bsides Vancouver 2019)
 
Creating a Technology Disaster Plan
Creating a Technology Disaster PlanCreating a Technology Disaster Plan
Creating a Technology Disaster Plan
 
The Stadium Business - Technology of Engagement
The Stadium Business - Technology of EngagementThe Stadium Business - Technology of Engagement
The Stadium Business - Technology of Engagement
 
Human Element In Security
Human Element In SecurityHuman Element In Security
Human Element In Security
 
Automated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data BrusselsAutomated decision making with predictive applications – Big Data Brussels
Automated decision making with predictive applications – Big Data Brussels
 
Net Gen Norms
Net Gen NormsNet Gen Norms
Net Gen Norms
 
Work or Play
Work or PlayWork or Play
Work or Play
 
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
Technologies of Attractions - Museums, Galaries, Zoos, Castles, Dockyards, Fu...
 
CSA Fall Summit 2017
CSA Fall Summit 2017CSA Fall Summit 2017
CSA Fall Summit 2017
 
Smartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply ChainSmartcon 2015 – Automated Decisions in the Supply Chain
Smartcon 2015 – Automated Decisions in the Supply Chain
 

Similar to Carrot stick-consequences-app secdc-2010

The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
Ben Tomhave
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
Adrian Wright
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Kimberley Dray
 
How to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web DesignHow to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web Design
Morten Rand-Hendriksen
 
Brighttalk reason 114 for learning math - final
Brighttalk reason 114 for learning math - finalBrighttalk reason 114 for learning math - final
Brighttalk reason 114 for learning math - finalAndrew White
 
Safety Gamification
Safety GamificationSafety Gamification
Safety Gamification
Stephen Knightly
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSO
Alexander Hutton
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication Skills
Jack Whitsitt
 
Social engineering and indian jugaad
Social engineering and indian jugaadSocial engineering and indian jugaad
Social engineering and indian jugaad
n|u - The Open Security Community
 
VMUG UserCon Presentation for 2018
VMUG UserCon Presentation for 2018VMUG UserCon Presentation for 2018
VMUG UserCon Presentation for 2018
Jon Hildebrand
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.
Phil Wolff
 
BYOD: Beating IT's Kobayashi Maru
BYOD: Beating IT's Kobayashi MaruBYOD: Beating IT's Kobayashi Maru
BYOD: Beating IT's Kobayashi Maru
Michele Chubirka
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Shawn Tuma
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
EC-Council
 
Intro to a Data-Driven Computer Security Defense
Intro to a Data-Driven Computer Security DefenseIntro to a Data-Driven Computer Security Defense
Intro to a Data-Driven Computer Security Defense
Roger Grimes
 
The Key to Great Teams: Understanding the Human Operating System
The Key to Great Teams: Understanding the Human Operating SystemThe Key to Great Teams: Understanding the Human Operating System
The Key to Great Teams: Understanding the Human Operating System
Atlassian
 
Evaluating and ImprovingBomb Threat Planning Process.pdf
Evaluating and ImprovingBomb Threat Planning Process.pdfEvaluating and ImprovingBomb Threat Planning Process.pdf
Evaluating and ImprovingBomb Threat Planning Process.pdf
eliasox
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needs
Michael Scheidell
 

Similar to Carrot stick-consequences-app secdc-2010 (20)

The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thou...
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
 
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
"Security on the Brain" Security & Risk Psychology Workshop Nov 2013
 
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
Co-Presented: YOU are the Alpha and Omega of a Secure Future (Kottova / Dray)...
 
How to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web DesignHow to Not Destroy the World - the Ethics of Web Design
How to Not Destroy the World - the Ethics of Web Design
 
Brighttalk reason 114 for learning math - final
Brighttalk reason 114 for learning math - finalBrighttalk reason 114 for learning math - final
Brighttalk reason 114 for learning math - final
 
Safety Gamification
Safety GamificationSafety Gamification
Safety Gamification
 
DeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSODeepSec 2014 - The Measured CSO
DeepSec 2014 - The Measured CSO
 
Effective Cybersecurity Communication Skills
Effective Cybersecurity Communication SkillsEffective Cybersecurity Communication Skills
Effective Cybersecurity Communication Skills
 
Social engineering and indian jugaad
Social engineering and indian jugaadSocial engineering and indian jugaad
Social engineering and indian jugaad
 
VMUG UserCon Presentation for 2018
VMUG UserCon Presentation for 2018VMUG UserCon Presentation for 2018
VMUG UserCon Presentation for 2018
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
 
What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.What could kill NSTIC? A friendly threat assessment in 3 parts.
What could kill NSTIC? A friendly threat assessment in 3 parts.
 
BYOD: Beating IT's Kobayashi Maru
BYOD: Beating IT's Kobayashi MaruBYOD: Beating IT's Kobayashi Maru
BYOD: Beating IT's Kobayashi Maru
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...
 
Intro to a Data-Driven Computer Security Defense
Intro to a Data-Driven Computer Security DefenseIntro to a Data-Driven Computer Security Defense
Intro to a Data-Driven Computer Security Defense
 
The Key to Great Teams: Understanding the Human Operating System
The Key to Great Teams: Understanding the Human Operating SystemThe Key to Great Teams: Understanding the Human Operating System
The Key to Great Teams: Understanding the Human Operating System
 
Evaluating and ImprovingBomb Threat Planning Process.pdf
Evaluating and ImprovingBomb Threat Planning Process.pdfEvaluating and ImprovingBomb Threat Planning Process.pdf
Evaluating and ImprovingBomb Threat Planning Process.pdf
 
Running with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needsRunning with Scissors: Balance between business and InfoSec needs
Running with Scissors: Balance between business and InfoSec needs
 

Recently uploaded

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 

Recently uploaded (20)

Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 

Carrot stick-consequences-app secdc-2010

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n
  33. \n
  34. \n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n
  43. \n
  44. \n
  45. \n
  46. \n
  47. \n
  48. \n
  49. \n
  50. \n
  51. \n
  52. \n
  53. \n
  54. \n
  55. \n
  56. \n
  57. \n
  58. \n
  59. \n
  60. \n
  61. \n
  62. \n
  63. \n
  64. \n
  65. \n
  66. \n
  67. \n
  68. \n
  69. \n