SlideShare a Scribd company logo

IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs

Download as PPT, PDF
Jurgen van der Vlugt
Jurgen van der Vlugt

How we exclude people from information security (design) which takes away the overwhelmingly biggest threat-AND-vulnerability; how we need to ditch the top-down compliance approach, and how to do security bottom-up. KISS.

BusinessTechnology
1 of 33
Street Smart Solutions require Ditto Design Achter de kudde of Vóórdat het misgaat Jurgen van der Vlugt Amsterdam, 12 september 2013
Introductie • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • ISSA, president NL chapter, member Ethics Committee • ISACA, NL board for Roundtables • Supranationale organisatie, IT-audit • Maverisk Consultancy, IS Audit and Advisory services • KPMG, ABN AMRO, host of others • ERM/ORM, (IS) Audit, (Info)Security • Yup: WIP, gaarne ‘vragen’
Agenda • Massa • -loos • … is dom • Reacties • Vangrails • Simpel maar hard • Be Prepared
De massa
Massa-loos: People-less Process & Technology
Resultaat: … is dom
(FUD)
In short, you can screw up with impuny as long as you screw up like everybody else. (David Putnam in Seth Godin, The Icarus Deception, p.203)
Reacties
Eigen Groep Eerst
Respons
Range
Radicalen • (Extremistisch- bureaucratischen) • Defectors (afvalligen) • ALTIJD • Horen erbij! • Houden de boel fris!
Vrijheid door vangrails Aristotle might say that we need rules to protect us from disaster. But at the same time, rules without wisdom are blind and at best guarantee mediocrity – forcing wise practitioners to become outlaws, rule-breakers pursuing a kind of guerrilla war to achieve excellence. Weick found that the longer the checklists for the wildland firefighters became, the more improvisation was shut down. Rules are aids, allies, guides, and checks. But too much reliance on rules can squeeze out the judgement that is necessary to do our work well. ... Better to minimize the number of rules, give up trying to cover every particular circumstance, and instead do more training to encourage skill and practical reasoning and intuition. (Schwartz and Scharpe, Practical Wisdom)
Vangrails: Simpel maar hard Be Prepared
De juiste druk; effectief design • Doorzie het dilemma • Zie de druk van allevier de kringen • Alles op de juiste maat • Stimuleer samenwerking • Pakkans ~ straf • Kies algemene, reactieve (?) sec.systems • Pas op concentratie-Points of Failure • Alles transparant
Pt > Dt + Rt (Pt > 0) E = Dt + Rt (Pt = 0) → Zero-day exploits, or any unknown vectors
Agenda • Massa • -loos • … is dom • Reacties • Vangrails • Simpel maar hard • Be Prepared
Hoop dat het ritje beviel.Hoop dat het ritje beviel. Dat was alles. Dank U.Dat was alles. Dank U.
Dank u
• Jurgen van der Vlugt • Jvdvlugt@maverisk.nl • LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/ • Twitter @jvdvlugt • (G+, etc.etc.) Contactdetails Dogma: The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with Woodpecker, 1984)
Leesvoer
How to Stop

Recommended

Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Jurgen van der Vlugt
 
Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Jurgen van der Vlugt
 
ISSA NL event 2013 06 06 Limits, Not Rails
ISSA NL event 2013 06 06 Limits, Not RailsISSA NL event 2013 06 06 Limits, Not Rails
ISSA NL event 2013 06 06 Limits, Not RailsJurgen van der Vlugt
 
ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3Jurgen van der Vlugt
 
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITNGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITJurgen van der Vlugt
 
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Jurgen van der Vlugt
 
Uncharted land
Uncharted landUncharted land
Uncharted landSøren K. Poder
 
Agile Development Overview (with a bit about builds)
Agile Development Overview (with a bit about builds)Agile Development Overview (with a bit about builds)
Agile Development Overview (with a bit about builds)David Benjamin
 

Recommended

Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Permanent open depot rijks in kpmg gebouw v0.3
Permanent open depot rijks in kpmg gebouw v0.3Jurgen van der Vlugt
 
Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Down the Blind Alley (PDF)
Down the Blind Alley (PDF)Jurgen van der Vlugt
 
ISSA NL event 2013 06 06 Limits, Not Rails
ISSA NL event 2013 06 06 Limits, Not RailsISSA NL event 2013 06 06 Limits, Not Rails
ISSA NL event 2013 06 06 Limits, Not RailsJurgen van der Vlugt
 
ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3ISSA ORM 2012 June 20 v0.3
ISSA ORM 2012 June 20 v0.3Jurgen van der Vlugt
 
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITNGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces IT
NGI Regio Rdam / Afd IT-A: Stuxnet - Beveiliging en Audit van Proces ITJurgen van der Vlugt
 
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03
Wat ruist er door uw data-zee ISACA NL roundtable 2013 06 03Jurgen van der Vlugt
 
Uncharted land
Uncharted landUncharted land
Uncharted landSøren K. Poder
 
Agile Development Overview (with a bit about builds)
Agile Development Overview (with a bit about builds)Agile Development Overview (with a bit about builds)
Agile Development Overview (with a bit about builds)David Benjamin
 
CactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligenceCactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligenceDave Eilken
 
Leadership Development
Leadership DevelopmentLeadership Development
Leadership DevelopmentKeith Fuller
 
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101Felipe Prado
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
Your PhD and You
Your PhD and YouYour PhD and You
Your PhD and YouJulián Urbano
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matterSkills Matter
 
Tomer Dvir Be Yourself
Tomer Dvir Be YourselfTomer Dvir Be Yourself
Tomer Dvir Be YourselfMIT Forum of Israel
 
Agile Big Data Practices
Agile Big Data PracticesAgile Big Data Practices
Agile Big Data PracticesAtif Shaikh
 
Business ideas or business opportunities
Business ideas or business opportunitiesBusiness ideas or business opportunities
Business ideas or business opportunitiesAndrew Hirst
 
An Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference ColomboAn Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference ColomboRaomal Perera
 
Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...Cprime
 
Creating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA ParisCreating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA ParisINSA Paris Ile de France
 
Bit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a LawyerBit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a LawyerJack Pringle
 
Powerful software linkedin
Powerful software linkedinPowerful software linkedin
Powerful software linkedinNaveenkumar Muguda
 
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelBe Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelJosh (Tzvika) Avnery
 
Sharing knowledge is a super power
Sharing knowledge is a super powerSharing knowledge is a super power
Sharing knowledge is a super powerTOPdesk
 
Intro to Agile and Lean UX
Intro to Agile and Lean UXIntro to Agile and Lean UX
Intro to Agile and Lean UXJacklyn Burgan
 
20170801 GDPR Q&A intro
20170801 GDPR Q&A intro20170801 GDPR Q&A intro
20170801 GDPR Q&A introBrussels Legal Hackers
 
Ob slides - decision making hold(1)
Ob slides - decision making hold(1)Ob slides - decision making hold(1)
Ob slides - decision making hold(1)stuitstrain2
 
Pandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data SciencePandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data ScienceKrishna Sankar
 
Much Data 0.95
Much Data 0.95Much Data 0.95
Much Data 0.95Jurgen van der Vlugt
 
Risk Managers Of The Universe
Risk Managers Of The UniverseRisk Managers Of The Universe
Risk Managers Of The UniverseJurgen van der Vlugt
 

More Related Content

Similar to IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs

CactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligenceCactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligenceDave Eilken
 
Leadership Development
Leadership DevelopmentLeadership Development
Leadership DevelopmentKeith Fuller
 
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101Felipe Prado
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matterSkills Matter
 
Agile Big Data Practices
Agile Big Data PracticesAgile Big Data Practices
Agile Big Data PracticesAtif Shaikh
 
Business ideas or business opportunities
Business ideas or business opportunitiesBusiness ideas or business opportunities
Business ideas or business opportunitiesAndrew Hirst
 
An Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference ColomboAn Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference ColomboRaomal Perera
 
Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...Cprime
 
Creating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA ParisCreating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA ParisINSA Paris Ile de France
 
Bit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a LawyerBit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a LawyerJack Pringle
 
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelBe Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelJosh (Tzvika) Avnery
 
Sharing knowledge is a super power
Sharing knowledge is a super powerSharing knowledge is a super power
Sharing knowledge is a super powerTOPdesk
 
Intro to Agile and Lean UX
Intro to Agile and Lean UXIntro to Agile and Lean UX
Intro to Agile and Lean UXJacklyn Burgan
 
Ob slides - decision making hold(1)
Ob slides - decision making hold(1)Ob slides - decision making hold(1)
Ob slides - decision making hold(1)stuitstrain2
 
Pandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data SciencePandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data ScienceKrishna Sankar
 

Similar to IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs (20)

CactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligenceCactusCon 2017 - OODA Loop in life & cyber threat intelligence
CactusCon 2017 - OODA Loop in life & cyber threat intelligence
 
Leadership Development
Leadership DevelopmentLeadership Development
Leadership Development
 
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
DEF CON 27 - workshop - KRISTY WESTPHAL - analysis 101
 
Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplations
 
Your PhD and You
Your PhD and YouYour PhD and You
Your PhD and You
 
Bootstrapping a-devops-matter
Bootstrapping a-devops-matterBootstrapping a-devops-matter
Bootstrapping a-devops-matter
 
Tomer Dvir Be Yourself
Tomer Dvir Be YourselfTomer Dvir Be Yourself
Tomer Dvir Be Yourself
 
Agile Big Data Practices
Agile Big Data PracticesAgile Big Data Practices
Agile Big Data Practices
 
Business ideas or business opportunities
Business ideas or business opportunitiesBusiness ideas or business opportunities
Business ideas or business opportunities
 
An Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference ColomboAn Introduction to Design Thinking - DevDay Conference Colombo
An Introduction to Design Thinking - DevDay Conference Colombo
 
Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...Product Discovery Stories: when and how to use a discovery sprint to validate...
Product Discovery Stories: when and how to use a discovery sprint to validate...
 
Creating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA ParisCreating Value With T Ri Z Methods And Tools - Soiree INSA Paris
Creating Value With T Ri Z Methods And Tools - Soiree INSA Paris
 
Bit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a LawyerBit by Bit: A Framework for Building Technological Competence as a Lawyer
Bit by Bit: A Framework for Building Technological Competence as a Lawyer
 
Powerful software linkedin
Powerful software linkedinPowerful software linkedin
Powerful software linkedin
 
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israelBe Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
Be Yourself- Startup & Entrepreneurial tips by Tomer Dvir, Mit Forum israel
 
Sharing knowledge is a super power
Sharing knowledge is a super powerSharing knowledge is a super power
Sharing knowledge is a super power
 
Intro to Agile and Lean UX
Intro to Agile and Lean UXIntro to Agile and Lean UX
Intro to Agile and Lean UX
 
20170801 GDPR Q&A intro
20170801 GDPR Q&A intro20170801 GDPR Q&A intro
20170801 GDPR Q&A intro
 
Ob slides - decision making hold(1)
Ob slides - decision making hold(1)Ob slides - decision making hold(1)
Ob slides - decision making hold(1)
 
Pandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data SciencePandas, Data Wrangling & Data Science
Pandas, Data Wrangling & Data Science
 

More from Jurgen van der Vlugt

ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012Jurgen van der Vlugt
 
Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Jurgen van der Vlugt
 
Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Jurgen van der Vlugt
 
Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Jurgen van der Vlugt
 
VU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVVU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVJurgen van der Vlugt
 
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010Jurgen van der Vlugt
 
VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010Jurgen van der Vlugt
 
Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Jurgen van der Vlugt
 
NOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesNOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesJurgen van der Vlugt
 
NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010Jurgen van der Vlugt
 
Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Jurgen van der Vlugt
 

More from Jurgen van der Vlugt (14)

Much Data 0.95
Much Data 0.95Much Data 0.95
Much Data 0.95
 
Risk Managers Of The Universe
Risk Managers Of The UniverseRisk Managers Of The Universe
Risk Managers Of The Universe
 
ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012ACAM-VDA NOREA Adviesdiensten 21 juni 2012
ACAM-VDA NOREA Adviesdiensten 21 juni 2012
 
Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10Adviesdiensten Norea Regio Noord 2012 05 10
Adviesdiensten Norea Regio Noord 2012 05 10
 
Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3Van Plank Misslaan Naar Spijker Op De Kop V0.3
Van Plank Misslaan Naar Spijker Op De Kop V0.3
 
Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97Advies Assurance September 2011 V0.97
Advies Assurance September 2011 V0.97
 
VU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdVVU Information Risk Management Security Management 2010 JvdV
VU Information Risk Management Security Management 2010 JvdV
 
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
VU Organisatie van het beroep Reglementering Deel I 21 mei 2010
 
VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010VU Uitvoering van de audit 28 mei 2010
VU Uitvoering van de audit 28 mei 2010
 
Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009Saxion Enschedé College Security 2009
Saxion Enschedé College Security 2009
 
NOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notesNOREA Update congres 2007 incl notes
NOREA Update congres 2007 incl notes
 
NOREA ALV Symposium Advies 2010
NOREA ALV Symposium Advies 2010NOREA ALV Symposium Advies 2010
NOREA ALV Symposium Advies 2010
 
NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010NOREA Regiosessie Reglementen 2010
NOREA Regiosessie Reglementen 2010
 
Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010Saxion Enschedé College Security 2010
Saxion Enschedé College Security 2010
 

Recently uploaded

Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxDEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxRodelinaLaud
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxSocio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxtrishalcan8
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewasmakika9823
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 

Recently uploaded (20)

Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
DEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docxDEPED Work From Home WORKWEEK-PLAN.docx
DEPED Work From Home WORKWEEK-PLAN.docx
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.Eni 2024 1Q Results - 24.04.24 business.
Eni 2024 1Q Results - 24.04.24 business.
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptxSocio-economic-Impact-of-business-consumers-suppliers-and.pptx
Socio-economic-Impact-of-business-consumers-suppliers-and.pptx
 
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service DewasVip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
Vip Dewas Call Girls #9907093804 Contact Number Escorts Service Dewas
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 

IDC Amsterdam 2013 09 12 Smart Security Solutions require Ditto Designs

  • 1. Street Smart Solutions require Ditto Design Achter de kudde of Vóórdat het misgaat Jurgen van der Vlugt Amsterdam, 12 september 2013
  • 2. Introductie • Jurgen = Ir.drs. J. van der Vlugt RE CISA CRISC • ISSA, president NL chapter, member Ethics Committee • ISACA, NL board for Roundtables • Supranationale organisatie, IT-audit • Maverisk Consultancy, IS Audit and Advisory services • KPMG, ABN AMRO, host of others • ERM/ORM, (IS) Audit, (Info)Security • Yup: WIP, gaarne ‘vragen’
  • 3. Agenda • Massa • -loos • … is dom • Reacties • Vangrails • Simpel maar hard • Be Prepared
  • 6.
  • 8.
  • 9.
  • 10. (FUD)
  • 11.
  • 12. In short, you can screw up with impuny as long as you screw up like everybody else. (David Putnam in Seth Godin, The Icarus Deception, p.203)
  • 13.
  • 14.
  • 18. Range
  • 19.
  • 20. Radicalen • (Extremistisch- bureaucratischen) • Defectors (afvalligen) • ALTIJD • Horen erbij! • Houden de boel fris!
  • 21. Vrijheid door vangrails Aristotle might say that we need rules to protect us from disaster. But at the same time, rules without wisdom are blind and at best guarantee mediocrity – forcing wise practitioners to become outlaws, rule-breakers pursuing a kind of guerrilla war to achieve excellence. Weick found that the longer the checklists for the wildland firefighters became, the more improvisation was shut down. Rules are aids, allies, guides, and checks. But too much reliance on rules can squeeze out the judgement that is necessary to do our work well. ... Better to minimize the number of rules, give up trying to cover every particular circumstance, and instead do more training to encourage skill and practical reasoning and intuition. (Schwartz and Scharpe, Practical Wisdom)
  • 23. De juiste druk; effectief design • Doorzie het dilemma • Zie de druk van allevier de kringen • Alles op de juiste maat • Stimuleer samenwerking • Pakkans ~ straf • Kies algemene, reactieve (?) sec.systems • Pas op concentratie-Points of Failure • Alles transparant
  • 24.
  • 25. Pt > Dt + Rt (Pt > 0) E = Dt + Rt (Pt = 0) → Zero-day exploits, or any unknown vectors
  • 26.
  • 27. Agenda • Massa • -loos • … is dom • Reacties • Vangrails • Simpel maar hard • Be Prepared
  • 28. Hoop dat het ritje beviel.Hoop dat het ritje beviel. Dat was alles. Dank U.Dat was alles. Dank U.
  • 29.
  • 31. • Jurgen van der Vlugt • Jvdvlugt@maverisk.nl • LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/ • Twitter @jvdvlugt • (G+, etc.etc.) Contactdetails Dogma: The problem starts at the secondary level, not with the originator or the developer of the idea but with the people who are attracted by it, who cling to it until their last nail breaks, and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with Woodpecker, 1984)