Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be
The Human Factor
in
Information Technology

Introduction
• 75% of security incidents are caused by human error
• Technology-oriented civilization
• General ignorance in all layers of that civilization

Work environment
• Employees are often clueless about security improvements.
• Incidents are often caused by:
– Configuration error
– Misinterpretation
– Intentional action

Design issue
• Techies' needs vs business needs
• Business function vs security
• User-friendliness vs security
• The strength of a design is often the cause of its downfall: regular users do not think like those who designed it
• Design should identify human and societal needs

Technology
• Technology changes rapidly, resulting in an inability to manage it
• Technology often ties us to our work and, instead of making it easier, makes it worse
• Top-notch technology is expensive and does not guarantee security.
• Implementers are often external and could leave insecure traces, purposely or by error
Social engineering
• Art of deception or persuasion
– The exploits
– Human based social engineering
– Technology based social engineering
Social engineering
The Exploits
• Diffusion of responsibility
• Trust relationships
• Moral duty
• Guilt
• Desire to be helpful
• Cooperation
Human based
Social engineering
• Impersonation
• The VIP approach
• Shoulder surfing
• Dumpster diving
• Piggy backing
• Third party approach

Technology based
Social engineering
• Popup windows
• Mail attachments
• Spam, Spim, chain emails, hoaxes
• Websites

Countermeasures
Building a human firewall
• Convince top management
– Top-down approach
– Prove that security is a business enabler, not only a cost
– According to Gartner, the executive board has 3 major questions when confronted with security issues:
• Is our security policy enforced fairly and consistently?
• Would employees, contractors and partners know if a security violation occurred?
• Would the company know how to handle and react if it recognized a security violation?

Countermeasures
Building a human firewall
• Assign and clarify roles/responsibilities
– Separation of duties: do people have the authority?
– Be careful with overlapping duties
– Clear statements from management

Countermeasures
Building a human firewall
• Define an action plan linked to a budget
– Assess the relative value of information assets
– Use a risk assessment approach
– Prioritize asset values to simplify budgeting
– Involve all units

Countermeasures
Building a human firewall
• Develop/update the policy framework
– Policies evolve, just as the law does in real life
– Written in language everyone can understand
– Align with business goals; constraining or contradictory policies end up on the forgotten list

Countermeasures
Building a human firewall
• Develop an incident response program
– Reduce damage
– Recover quickly and efficiently
– Keep a trace of the security event and learn from it

Countermeasures
Building a human firewall
• Develop a security awareness program
– Conduct a survey to find the weak and strong domains
– Repetition is the key to success
– Events happening in the world can be the initiator
– It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, the intranet, mails, etc.
Countermeasures
Building a human firewall
• Develop a security awareness program
– Senior management
– Mid management
– Staff
– Technical staff

Countermeasures
Target audience
• Develop a security awareness program
– Senior management
• Focus on key elements, risk level, loss
• Numerical or statistical approach
• Examples from real life
Countermeasures
Target audience
• Develop a security awareness program
– Mid management
• Granular approach on policies, procedures,…
• In charge of mapping it to different departments
• Use business examples

Countermeasures
Target audience
• Develop a security awareness program
– Staff
• Repetition = key to success
• Split into job-related groups
• Stress the importance of his/her job and the security-related issues involved

Countermeasures
Target audience
• Develop a security awareness program
– Technical staff
• Audit trails are often seen as work control
• They often integrate security only after everything is running
• Convince them that security also protects their work environment

Countermeasures
Building a human firewall
• Measure your security awareness efforts
– A quiz is an excellent tool to measure
– Security event statistics can indicate weak spots
– Evaluation forms to learn about current issues and where to improve
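The two measurement sources the deck names (quiz results and security event statistics) become useful only when they are cross-referenced per target audience and per awareness domain. The script below is an added example, not part of Koen Maris's slides: it scores a quiz per (audience group, domain), counts security events the same way, and ranks the pairs that are either below a pass mark or actually producing incidents. It also flags audience groups the survey never reached. All employees, groups, domains, quiz answers and events are constructed sample data; the pass mark of 0.7 is an assumed threshold.

```python
"""Measuring awareness efforts by combining quiz scores with security event
statistics per audience group and domain.  Added example with constructed
data; the groups follow the deck's target-audience slides."""
from collections import defaultdict
from dataclasses import dataclass

# Audience groups from the target-audience slides.
GROUPS = ("senior management", "mid management", "staff", "technical staff")


@dataclass(frozen=True)
class QuizAnswer:
    employee: str   # hypothetical employee id
    group: str      # audience group the employee belongs to
    domain: str     # awareness domain the question covers
    correct: bool


@dataclass(frozen=True)
class SecurityEvent:
    group: str      # group of the person involved in the event
    domain: str     # domain the event falls under, e.g. "phishing"


# Constructed quiz answers (no senior management answers on purpose).
QUIZ = [
    QuizAnswer("alice", "staff", "phishing", False),
    QuizAnswer("alice", "staff", "passwords", True),
    QuizAnswer("bob", "staff", "phishing", False),
    QuizAnswer("bob", "staff", "passwords", True),
    QuizAnswer("carol", "staff", "phishing", True),
    QuizAnswer("carol", "staff", "passwords", True),
    QuizAnswer("dave", "technical staff", "phishing", True),
    QuizAnswer("dave", "technical staff", "audit trails", False),
    QuizAnswer("erin", "technical staff", "phishing", True),
    QuizAnswer("erin", "technical staff", "audit trails", False),
    QuizAnswer("frank", "mid management", "phishing", True),
    QuizAnswer("frank", "mid management", "passwords", True),
]

# Constructed security event statistics for the same period.
EVENTS = [
    SecurityEvent("staff", "phishing"),
    SecurityEvent("staff", "phishing"),
    SecurityEvent("staff", "phishing"),
    SecurityEvent("technical staff", "audit trails"),
    SecurityEvent("mid management", "passwords"),
]


def quiz_scores(answers):
    """Fraction of correct answers per (group, domain)."""
    correct = defaultdict(int)
    total = defaultdict(int)
    for a in answers:
        key = (a.group, a.domain)
        total[key] += 1
        correct[key] += int(a.correct)
    return {k: correct[k] / total[k] for k in total}


def event_counts(events):
    """Number of security events per (group, domain)."""
    counts = defaultdict(int)
    for e in events:
        counts[(e.group, e.domain)] += 1
    return dict(counts)


def unmeasured_groups(answers):
    """Audience groups the survey never reached: they cannot be assessed."""
    seen = {a.group for a in answers}
    return tuple(g for g in GROUPS if g not in seen)


def weak_spots(answers, events, pass_mark=0.7):
    """Rows (group, domain, score, events, weak) ranked weakest first.

    A pair is weak when its quiz score is below the pass mark or when it
    produced any security event: a good quiz score with real incidents
    means the quiz is not measuring what happens in practice."""
    scores = quiz_scores(answers)
    counts = event_counts(events)
    rows = []
    for key in set(scores) | set(counts):
        score = scores.get(key)
        n = counts.get(key, 0)
        weak = (score is not None and score < pass_mark) or n > 0
        rows.append((key[0], key[1], score, n, weak))
    # Weak pairs first, then most incidents, then lowest quiz score.
    rows.sort(key=lambda r: (not r[4], -r[3], r[2] if r[2] is not None else 1.0))
    return rows


if __name__ == "__main__":
    for group, domain, score, n, weak in weak_spots(QUIZ, EVENTS):
        shown = "n/a" if score is None else f"{score:.0%}"
        print(f"{'WEAK' if weak else 'ok  '} {group:18} {domain:13} quiz={shown:>4} events={n}")
    print("not surveyed:", ", ".join(unmeasured_groups(QUIZ)) or "none")
```

On the constructed data the ranking surfaces three points the deck makes separately: staff are weak on phishing in both the quiz and the event statistics, technical staff fail the audit-trail questions, and mid management passes the password questions yet still produced an incident, so the quiz alone would have missed that domain. Senior management is reported as not surveyed at all rather than silently treated as fine.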
The Human Factor
Q & A

More Related Content

What's hot

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & ManufacturingEvan Francen
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)Rui Miguel Feio
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and proceduresStevenSegaert
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2securityAnne Starr
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesPriyanka Aash
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4Anne Starr
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Sean Bradley
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...PECB
 

What's hot (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2security
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
 

Viewers also liked

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
Sensible defence
Sensible defenceSensible defence
Sensible defenceKoen Maris
 
The human factor
The human factorThe human factor
The human factorKoen Maris
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersionsshreem industries
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếpsteppe91
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiJusteat India
 

Viewers also liked (20)

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4
 
About schroeder
About schroederAbout schroeder
About schroeder
 
Rafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesuRafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesu
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
 
บทที่ 1
บทที่ 1บทที่ 1
บทที่ 1
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
 
Rafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARPRafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARP
 
R.moucka ecommerce standard
R.moucka   ecommerce standardR.moucka   ecommerce standard
R.moucka ecommerce standard
 
ปก
ปกปก
ปก
 
ALEJE.IT z Positive Power
ALEJE.IT z Positive PowerALEJE.IT z Positive Power
ALEJE.IT z Positive Power
 
ปก
ปกปก
ปก
 
Rafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWDRafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWD
 
Css
CssCss
Css
 
The human factor
The human factorThe human factor
The human factor
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersions
 
Basketball
BasketballBasketball
Basketball
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếp
 
บทที่ 2
บทที่ 2บทที่ 2
บทที่ 2
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
 
Lks pengukuran
Lks pengukuranLks pengukuran
Lks pengukuran
 

Similar to The human factor

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docxherminaprocter
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptxSandeepK707540
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should KnowIBM Security
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016Prime Infoserv
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxKENNEDY GITHAIGA
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk ManagementTudor Damian
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Sal Abramo
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5Jitendra Tomar
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5Jitendra Tomar
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 

Similar to The human factor (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptx
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 

Recently uploaded

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsLeah Henrickson
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe中 央社
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....rightmanforbloodline
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
UiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewUiPath manufacturing technology benefits and AI overview
UiPath manufacturing technology benefits and AI overviewDianaGray10
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 

Recently uploaded (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on ThanabotsContinuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Portal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russePortal Kombat : extension du réseau de propagande russe
Portal Kombat : extension du réseau de propagande russe
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization -  The evolution of API governanceAPI Governance and Monetization -  The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology

The human factor

1. Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be
   The Human Factor in Information Technology

2. Introduction
   • 75% of security incidents caused by human error
   • Technology oriented civilization
   • General ignorance in all layers of the civilization

3. Work environment
   • Employees often clueless about security improvements.
   • Incidents often caused by:
     – Configuration error
     – Misinterpretation
     – Intentional action

4. Design issue
   • Techies' needs vs business needs
   • Business function vs security
   • User-friendliness vs security
   • The strength of the design is often its downfall. Regular users do not think like those who designed it
   • Design should identify human and societal needs

5. Technology
   • Technology changes rapidly, resulting in an inability to manage it
   • Technology often ties us to our work, and instead of making it easier it gets worse
   • Top notch technology is expensive and does not guarantee security.
   • Implementers are often external and could leave insecure traces, purposely or by error

6. Social engineering
   • Art of deception or persuasion
     – The exploits
     – Human based social engineering
     – Technology based social engineering

7. Social engineering: The Exploits
   • Diffusion of responsibility
   • Trust relationships
   • Moral duty
   • Guilt
   • Desire to be helpful
   • Cooperation

8. Human based Social engineering
   • Impersonation
   • The VIP approach
   • Shoulder surfing
   • Dumpster diving
   • Piggy backing
   • Third party approach

9. Technology Social engineering
   • Popup windows
   • Mail attachments
   • Spam, Spim, chain emails, hoaxes
   • Websites

10. Countermeasures: Building a human firewall
   • Convince top management
     – Top down approach
     – Prove security is a business enabler, not merely a cost.
     – According to Gartner the executive board has 3 major questions when confronted with security issues:
       • Is our security policy enforced fairly and consistently?
       • Would employees, contractors and partners know if a security violation occurred?
       • Would the company know how to handle and react if they recognize a security violation?

11. Countermeasures: Building a human firewall
   • Assign and clarify roles/responsibilities
     – Separation of duties: do people have the authority?
     – Careful with overlapping duties
     – Clear statements from management

12. Countermeasures: Building a human firewall
   • Define an action plan linked to a budget
     – Assessment of the relative value of information assets
     – Use a risk assessment approach
     – Prioritize asset values to simplify budgeting
     – Involve all units

13. Countermeasures: Building a human firewall
   • Develop/update the policy framework
     – Policies evolve, just as the law does in real life
     – Written in language everyone can understand
     – Align with business goals; constraining or contradictory policies end up on the forgotten list

14. Countermeasures: Building a human firewall
   • Develop an incident response program
     – Reduce damage
     – Recover quickly and efficiently
     – Keep a trace of the security event and learn from it

15. Countermeasures: Building a human firewall
   • Develop a security awareness program
     – Conduct a survey to find the weak and strong domains
     – Repetition is the key to success
     – Events happening in the world could be the initiator
     – It should not be limited to a one-shot exercise. Use any means possible such as quizzes, posters, intranet, mails etc.

16. Countermeasures: Building a human firewall
   • Develop a security awareness program
     – Senior management
     – Mid management
     – Staff
     – Technical staff

17. Countermeasures: Target audience
   • Develop a security awareness program
     – Senior management
       • Focus on key elements, risk level, loss
       • Numerical or statistical approach
       • Examples from real life

18. Countermeasures: Target audience
   • Develop a security awareness program
     – Mid management
       • Granular approach on policies, procedures, …
       • In charge of mapping it to different departments
       • Use business examples

19. Countermeasures: Target audience
   • Develop a security awareness program
     – Staff
       • Repetition = key to success
       • Split into job related groups
       • Stress the importance of their job and the security related issues involved

20. Countermeasures: Target audience
   • Develop a security awareness program
     – Technical Staff
       • Audit trails are often seen as work control
       • Often integrate security after everything is running
       • Convince them that security also protects their work environment

21. Countermeasures: Building a human firewall
   • Measure your security awareness efforts
     – A quiz is an excellent tool to measure
     – Security event statistics can indicate weak spots
     – Evaluation forms to learn about current issues and where to improve

22. The Human Factor: Q & A