Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be
The Human Factor in Information Technology
Introduction
• 75% of security incidents caused by human error
• Technology oriented civilization
• General ignorance in all layers of the civilization
Work environment
• Employees often clueless about security improvements.
• Incidents often caused by:
– Configuration error
– Misinterpretation
– Intentional action
Design issue
• Techies' needs vs business needs
• Business function vs security
• User-friendly vs security
• The strength of the design is often its downfall. Regular users do not think like those who designed it
• Design should identify human and societal needs
Technology
• Technology changes rapidly, resulting in an inability to manage it
• Technology often ties us to our work, and instead of making it easier it makes it worse
• Top-notch technology is expensive and does not guarantee security.
• Implementers are often external and could leave insecure traces, on purpose or by error
Social engineering
• Art of deception or persuasion
– The exploits
– Human based social engineering
– Technology based social engineering
Social engineering
The Exploits
• Diffusion of responsibility
• Trust relationships
• Moral duty
• Guilt
• Desire to be helpful
• Cooperation
Human based
Social engineering
• Impersonation
• The VIP approach
• Shoulder surfing
• Dumpster diving
• Piggy backing
• Third party approach
Technology
Social engineering
• Popup windows
• Mail attachments
• Spam, Spim, chain emails, hoaxes
• Websites
Countermeasures
Building a human firewall
• Convince top management
– Top down approach
– Prove security is a business enabler, not a cost enabler only.
– According to Gartner, the executive board has 3 major questions when confronted with security issues:
• Is our security policy enforced fairly and consistently?
• Would employees, contractors and partners know if a security violation occurred?
• Would the company know how to handle and react if they recognize a security violation?
Countermeasures
Building a human firewall
• Assign and clarify roles/responsibilities
– Separation of duties: do people have the authority?
– Careful with overlapping duties
– Clear statements from management
Countermeasures
Building a human firewall
• Define an action plan linked to a budget
– Assessment of relative value of information assets
– Use a risk assessment approach
– Prioritize asset values to simplify budgeting
– Involve all units
Countermeasures
Building a human firewall
• Develop/update the policy framework
– Policies evolve, just as the law does in real life
– Written in language everyone can understand
– Align with business goals; constraining or contradictory policies end up on the forgotten list
Countermeasures
Building a human firewall
• Develop incident response program
– Reduce damage
– Recover quickly and efficiently
– Keep a trace of the security event, learn from it
Countermeasures
Building a human firewall
• Develop a security awareness program
– Conduct a survey to find the weak and strong domains
– Repetition is the key to success
– Events happening in the world could be the initiator
– It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, intranet, mails, etc.
Countermeasures
Building a human firewall
• Develop a security awareness program
– Senior management
– Mid management
– Staff
– Technical staff
Countermeasures
Target audience
• Develop a security awareness program
– Senior management
• Focus on key elements, risk level, loss
• Numerical or statistical approach
• Real-life examples
Countermeasures
Target audience
• Develop a security awareness program
– Mid management
• Granular approach on policies, procedures,…
• In charge of mapping it to different departments
• Use business examples
Countermeasures
Target audience
• Develop a security awareness program
– Staff
• Repetition = key to success
• Split into job related groups
• Stress the importance of his/her job and the security-related issues involved
Countermeasures
Target audience
• Develop a security awareness program
– Technical Staff
• Audit trails are often seen as work control
• Often integrate security after everything is running
• Convince them security also protects their work environment
Countermeasures
Building a human firewall
• Measure your security awareness efforts
– A quiz is an excellent tool to measure
– Security event statistics can indicate weak spots
– Evaluation forms to gain knowledge of current issues and where to improve
The Human Factor
Q & A

More Related Content

What's hot

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
Evan Francen
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
SPI Conference
 
Lesson 2
Lesson 2Lesson 2
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
EnclaveSecurity
 
Lesson 2
Lesson 2Lesson 2
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
GAURAV. H .TANDON
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
Rui Miguel Feio
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
StevenSegaert
 
Lesson 1
Lesson 1Lesson 1
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2security
Anne Starr
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
Laura Vanassche
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
Napier University
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
Priyanka Aash
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4
Anne Starr
 
Lesson 1
Lesson 1Lesson 1
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
Sean Bradley
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
PECB
 

What's hot (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2security
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
 

Viewers also liked

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
Koen Maris
 
Rafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARPRafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARP
Positive Power Sp. z o.o
 
ALEJE.IT z Positive Power
ALEJE.IT z Positive PowerALEJE.IT z Positive Power
ALEJE.IT z Positive Power
Positive Power Sp. z o.o
 
The human factor
The human factorThe human factor
The human factor
Koen Maris
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersions
shreem industries
 
Basketball
BasketballBasketball
Basketball
aggelosk13
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếpsteppe91
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Justeat India
 
Lks pengukuran
Lks pengukuranLks pengukuran
Lks pengukuran
antoninovela
 

Viewers also liked (20)

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4
 
About schroeder
About schroederAbout schroeder
About schroeder
 
Rafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesuRafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesu
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
 
บทที่ 1
บทที่ 1บทที่ 1
บทที่ 1
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
 
Rafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARPRafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARP
 
R.moucka ecommerce standard
R.moucka   ecommerce standardR.moucka   ecommerce standard
R.moucka ecommerce standard
 
ปก
ปกปก
ปก
 
ALEJE.IT z Positive Power
ALEJE.IT z Positive PowerALEJE.IT z Positive Power
ALEJE.IT z Positive Power
 
ปก
ปกปก
ปก
 
Rafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWDRafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWD
 
Css
CssCss
Css
 
The human factor
The human factorThe human factor
The human factor
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersions
 
Basketball
BasketballBasketball
Basketball
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếp
 
บทที่ 2
บทที่ 2บทที่ 2
บทที่ 2
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
 
Lks pengukuran
Lks pengukuranLks pengukuran
Lks pengukuran
 

Similar to The human factor

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
John Rapa
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
herminaprocter
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
IBM Security
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
FERMA
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
NCC Group
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
Prime Infoserv
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
Etienne Liebetrau
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptx
KENNEDY GITHAIGA
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
Tudor Damian
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1
Sal Abramo
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
Symantec
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
Jitendra Tomar
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
Jitendra Tomar
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
SecureCurve
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
PECB
 

Similar to The human factor (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptx
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 

Recently uploaded

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 

Recently uploaded (20)

GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 

The human factor

  • 1. Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be The Human Factor in Information Technology
  • 2. Introduction
      • 75% of security incidents caused by human error
      • Technology oriented civilization
      • General ignorance in all layers of the civilization
  • 3. Work environment
      • Employees often clueless about security improvements.
      • Incidents often caused by:
          – Configuration error
          – Misinterpretation
          – Intentional action
  • 4. Design issue
      • Techies' needs vs business needs
      • Business function vs security
      • User-friendly vs security
      • The strength of a design is often its downfall. Regular users do not think like those who designed it
      • Design should identify human and societal needs
  • 5. Technology
      • Technology changes rapidly, resulting in an inability to manage it
      • Technology often ties us to our work and, instead of making it easier, makes it worse
      • Top notch technology is expensive and does not guarantee security.
      • Implementers are often external and could leave insecure traces, on purpose or by error
  • 6. Social engineering
      • Art of deception or persuasion
          – The exploits
          – Human based social engineering
          – Technology based social engineering
  • 7. Social engineering: The exploits
      • Diffusion of responsibility
      • Trust relationships
      • Moral duty
      • Guilt
      • Desire to be helpful
      • Cooperation
  • 8. Human based social engineering
      • Impersonation
      • The VIP approach
      • Shoulder surfing
      • Dumpster diving
      • Piggybacking
      • Third party approach
  • 9. Technology social engineering
      • Popup windows
      • Mail attachments
      • Spam, Spim, chain emails, hoaxes
      • Websites
  • 10. Countermeasures: Building a human firewall
      • Convince top management
          – Top-down approach
          – Prove that security is a business enabler, not only a cost enabler.
          – According to Gartner, the executive board has 3 major questions when confronted with security issues:
              • Is our security policy enforced fairly and consistently?
              • Would employees, contractors and partners know if a security violation occurred?
              • Would the company know how to handle and react if they recognize a security violation?
  • 11. Countermeasures: Building a human firewall
      • Assign and clarify roles/responsibilities
          – Separation of duties: do people have the authority?
          – Be careful with overlapping duties
          – Clear statements from management
  • 12. Countermeasures: Building a human firewall
      • Define an action plan linked to a budget
          – Assessment of relative value of information assets
          – Use a risk assessment approach
          – Prioritize asset values to simplify budgeting
          – Involve all units
  • 13. Countermeasures: Building a human firewall
      • Develop/update the policy framework
          – Policies evolve, just as the law does in real life
          – Written in language everyone can understand
          – Align with business goals; constraining or contradictory policies end up on the forgotten list
  • 14. Countermeasures: Building a human firewall
      • Develop incident response program
          – Reduce damage
          – Recover quickly and efficiently
          – Keep a trace of the security event, learn from it
  • 15. Countermeasures: Building a human firewall
      • Develop a security awareness program
          – Conduct a survey to find the weak and strong domains
          – Repetition is the key to success
          – Events happening in the world could be the initiator
          – It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, intranet, mails, etc.
  • 16. Countermeasures: Building a human firewall
      • Develop a security awareness program
          – Senior management
          – Mid management
          – Staff
          – Technical staff
  • 17. Countermeasures: Target audience
      • Develop a security awareness program
          – Senior management
              • Focus on key elements, risk level, loss
              • Numerical or statistical approach
              • Real-life examples
  • 18. Countermeasures: Target audience
      • Develop a security awareness program
          – Mid management
              • Granular approach on policies, procedures,…
              • In charge of mapping it to different departments
              • Use business examples
  • 19. Countermeasures: Target audience
      • Develop a security awareness program
          – Staff
              • Repetition = key to success
              • Split into job related groups
              • Stress the importance of his/her job and the security related issues involved
  • 20. Countermeasures: Target audience
      • Develop a security awareness program
          – Technical staff
              • Audit trails are often seen as work control
              • Often integrate security after everything is running
              • Convince them that security also protects their work environment
  • 21. Countermeasures: Building a human firewall
      • Measure your security awareness efforts
          – A quiz is an excellent tool to measure
          – Security event statistics can indicate weak spots
          – Evaluation forms to gain knowledge of current issues and where to improve
  • 22. The Human Factor: Q & A