How we exclude people from information security (design), which takes away the overwhelmingly biggest threat-AND-vulnerability; how we need to ditch the top-down compliance approach; and how to do security bottom-up. KISS.
21. Freedom through guardrails
Aristotle might say that we need rules to protect us from disaster. But at the
same time, rules without wisdom are blind and at best guarantee mediocrity –
forcing wise practitioners to become outlaws, rule-breakers pursuing a kind of
guerrilla war to achieve excellence.
Weick found that the longer the checklists for the wildland firefighters became,
the more improvisation was shut down. Rules are aids, allies, guides, and
checks.
But too much reliance on rules can squeeze out the judgement that is necessary
to do our work well. ...
Better to minimize the number of rules, give up trying to cover every particular
circumstance, and instead do more training to encourage skill and practical
reasoning and intuition. (Schwartz and Sharpe, Practical Wisdom)
23. The right pressure; effective design
• See through the dilemma
• See the pressure from all four circles
• Everything at the right scale
• Encourage cooperation
• Chance of getting caught ~ punishment
• Choose general, reactive (?) security systems
• Beware of concentrated Points of Failure
• Everything transparent
25. Pt > Dt + Rt (Pt > 0)
E = Dt + Rt (Pt = 0) → Zero-day exploits, or any unknown vectors
31. Contact details
• Jurgen van der Vlugt
• Jvdvlugt@maverisk.nl
• LinkedIn http://nl.linkedin.com/in/jurgenvandervlugt/
• Twitter @jvdvlugt
• (G+, etc.)
Dogma: The problem starts at the secondary level, not with the originator or the developer of
the idea but with the people who are attracted by it, who cling to it until their last nail breaks,
and who invariably lack the overview, flexibility, imagination, and, most importantly, sense of
humor, to maintain it in the spirit in which it was hatched. Ideas are made by masters, dogma
by disciples, and the Buddha is always killed on the road. (Tom Robbins, Still Life with
Woodpecker, 1984)