This document discusses how human behavior is the biggest security threat and proposes a behavioral design approach to securing users. It notes that traditional security awareness training has not been effective and suggests identifying key problems, investigating why they occur in users, and applying behavioral design approaches like creating triggers and raising ability rather than just awareness. The overall message is that improving human behavior can improve security.

1. Session ID:
Session Classification:
Katrina Rodzon
MAD Security
Intermediate
AWARENESSDOESN T MATTER:A
BEHAVIOR DESIGN APPROACHTO
SECURINGUSERS
STU-R32B

2. What is our biggest threat?

3. Microsoft Security Intelligence Report, Volume 11
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-
2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_English.pdf
72.5%
Human Behavior

4. Human Behavior is Our Biggest

5. 1. Stop clicking on links sent to them in emails from people
they don t know
2. Stop falling for Phishing Attacks
3. Use passwords that are actually strong, not just ones that
meet complexity requirements.
MagicWand Question

6. How DoWeTry to Secure
Our Users?

7. Security AwarenessTraining

8. Smoking and Awareness

9. Security Awareness

10. A Behavioral Design
Approach to Securing Users

12. Raising Awareness

13. Bad Passwords

14. Raising Ability

15. CreatingTriggers

16. 1. Identify what key problems are.
2. Investigate why they are occurring in your users.
3. Apply the appropriate behavioral design approach.
Securing Our Users

17. Improve your HUMANS…
Improve your
SECURITY.