Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be
The Human Factor in Information Technology
Introduction
• 75% of security incidents are caused by human error
• Technology-oriented civilization
• General ignorance in all layers of that civilization
Work environment
• Employees are often clueless about security improvements.
• Incidents are often caused by:
– Configuration error
– Misinterpretation
– Intentional action
Design issue
• Techies' needs vs business needs
• Business function vs security
• User-friendliness vs security
• The strength of a design is often its downfall: regular users do not think like those who designed it
• Design should identify human and societal needs
Technology
• Technology changes rapidly, resulting in an inability to manage it
• Technology often ties us to our work; instead of making it easier, it makes it worse
• Top-notch technology is expensive and does not guarantee security.
• Implementers are often external and could leave insecure traces behind, purposely or by error
Social engineering
• Art of deception or persuasion
– The exploits
– Human based social engineering
– Technology based social engineering
Social engineering
The Exploits
• Diffusion of responsibility
• Trust relationships
• Moral duty
• Guilt
• Desire to be helpful
• Cooperation
Human-based social engineering
• Impersonation
• The VIP approach
• Shoulder surfing
• Dumpster diving
• Piggybacking
• Third-party approach
Technology-based social engineering
• Popup windows
• Mail attachments
• Spam, Spim, chain emails, hoaxes
• Websites
Countermeasures
Building a human firewall
• Convince top management
– Top-down approach
– Prove that security is a business enabler, not only a cost.
– According to Gartner, the executive board has 3 major questions when confronted with security issues:
• Is our security policy enforced fairly and consistently?
• Would employees, contractors and partners know if a security violation occurred?
• Would the company know how to handle and react if it recognized a security violation?
Countermeasures
Building a human firewall
• Assign and clarify roles/responsibilities
– Separation of duties: do people have the authority?
– Careful with overlapping duties
– Clear statements from management
Countermeasures
Building a human firewall
• Define an action plan linked to a budget
– Assess the relative value of information assets
– Use a risk assessment approach
– Prioritize asset values to simplify budgeting
– Involve all units
Countermeasures
Building a human firewall
• Develop/update the policy framework
– Policies evolve, just as laws do in real life
– Written in language everyone can understand
– Align with business goals; constraining or contradictory policies end up on the forgotten list
Countermeasures
Building a human firewall
• Develop incident response program
– Reduce damage
– Recover quickly and efficiently
– Keep a trace of the security event, learn from it
Countermeasures
Building a human firewall
• Develop a security awareness program
– Conduct a survey to find the weak and strong domains
– Repetition is the key to success
– Events happening in the world can serve as the trigger
– It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, intranet, mails etc.
Countermeasures
Building a human firewall
• Develop a security awareness program
– Senior management
– Mid management
– Staff
– Technical staff
Countermeasures
Target audience
• Develop a security awareness program
– Senior management
• Focus on key elements, risk level, loss
• Numerical or statistical approach
• Real-life examples
Countermeasures
Target audience
• Develop a security awareness program
– Mid management
• Granular approach to policies, procedures, …
• In charge of mapping it to different departments
• Use business examples
Countermeasures
Target audience
• Develop a security awareness program
– Staff
• Repetition = key to success
• Split into job related groups
• Stress the importance of his/her job and the security-related issues involved
Countermeasures
Target audience
• Develop a security awareness program
– Technical Staff
• Audit trails are often seen as work control
• Security is often integrated only after everything is running
• Convince them that security also protects their own work environment
Countermeasures
Building a human firewall
• Measure your security awareness efforts
– A quiz is an excellent tool to measure
– Security event statistics can indicate weak spots
– Evaluation forms to gain knowledge of current issues and where to improve
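The two measurement sources this slide names, security event statistics and quiz results, can be combined into a simple weak-spot ranking per business unit, which is what the next awareness round should be aimed at. The Python script below is an added example and is not part of Koen Maris's slides; the incident log lines, the quiz scores, the unit names and the scoring weights are all constructed here for illustration. The cause categories are the three from the "Work environment" slide.

```python
"""Rank business units by security-awareness weak spots.

Added example (not from the original slides): combines security event
statistics with awareness-quiz results per business unit. All data and
the scoring weights below are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Incident cause categories taken from the "Work environment" slide.
CAUSES = ("configuration error", "misinterpretation", "intentional action")

# Constructed incident log, one record per line: date;unit;cause;summary
INCIDENT_LOG = """\
2005-03-02;finance;misinterpretation;invoice paid to a spoofed supplier account
2005-03-09;it-ops;configuration error;file share exposed to all authenticated users
2005-03-15;finance;misinterpretation;password given to caller posing as helpdesk
2005-03-20;sales;configuration error;laptop without disk encryption lost
2005-04-01;finance;misinterpretation;attachment from unknown sender opened
2005-04-04;it-ops;intentional action;contractor left a local admin account behind
2005-04-11;hr;misinterpretation;candidate data mailed to the wrong recipient
"""

# Constructed quiz results: unit -> scores (0-100) from the awareness quiz
QUIZ_SCORES = {
    "finance": [55, 60, 48, 62],
    "it-ops": [85, 78, 90],
    "sales": [70, 66, 74, 72],
    "hr": [68, 71],
}


@dataclass
class Incident:
    date: str
    unit: str
    cause: str
    summary: str


def parse_incidents(text):
    """Parse the ';'-separated log; reject malformed lines and unknown causes."""
    incidents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(";", 3)
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 ';'-separated fields")
        date, unit, cause, summary = (p.strip() for p in parts)
        if cause not in CAUSES:
            raise ValueError(f"line {lineno}: unknown cause {cause!r}")
        incidents.append(Incident(date, unit, cause, summary))
    return incidents


def incidents_per_unit(incidents):
    """Security event statistics: how many incidents each unit produced."""
    return Counter(i.unit for i in incidents)


def cause_breakdown(incidents):
    """Per unit, which of the three cause categories dominate."""
    by_unit = defaultdict(Counter)
    for i in incidents:
        by_unit[i.unit][i.cause] += 1
    return by_unit


def mean(xs):
    return sum(xs) / len(xs) if xs else 0.0


def weak_spots(incidents, quiz_scores):
    """Rank units weakest first.

    Score = incident count + (100 - average quiz score) / 10, so that both a
    high incident rate and poor quiz results push a unit up the list. The
    weighting is an assumption of this example, not something from the slides.
    Returns (unit, incidents, avg_quiz, score) tuples, highest score first.
    """
    counts = incidents_per_unit(incidents)
    units = set(counts) | set(quiz_scores)
    ranked = []
    for unit in units:
        avg = mean(quiz_scores.get(unit, []))
        score = counts.get(unit, 0) + (100 - avg) / 10
        ranked.append((unit, counts.get(unit, 0), round(avg, 1), round(score, 2)))
    ranked.sort(key=lambda r: (-r[3], r[0]))
    return ranked


def report(text=INCIDENT_LOG, quiz_scores=QUIZ_SCORES):
    """Human-readable summary for the awareness program owner."""
    incidents = parse_incidents(text)
    causes = cause_breakdown(incidents)
    lines = ["unit      incidents  avg quiz  score  dominant cause"]
    for unit, n, avg, score in weak_spots(incidents, quiz_scores):
        top = causes[unit].most_common(1)[0][0] if causes[unit] else "-"
        lines.append(f"{unit:<9} {n:>9}  {avg:>8}  {score:>5}  {top}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

With the constructed data, finance tops the list (three incidents, all misinterpretation, lowest quiz average), which is exactly the kind of pairing the slide is after: the statistics say where incidents happen, the quiz says whether the people there understood the message, and the dominant cause tells you what the next campaign for that unit should repeat.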
The Human Factor
Q & A

More Related Content

What's hot

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
Evan Francen
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
SPI Conference
 
Lesson 2
Lesson 2Lesson 2
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
EnclaveSecurity
 
Lesson 2
Lesson 2Lesson 2
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
GAURAV. H .TANDON
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
Rui Miguel Feio
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and proceduresStevenSegaert
 
Lesson 1
Lesson 1Lesson 1
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
Infonaligy
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2security
Anne Starr
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
Laura Vanassche
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
Napier University
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
Priyanka Aash
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4
Anne Starr
 
Lesson 1
Lesson 1Lesson 1
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
Sean Bradley
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
PECB
 

What's hot (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Information Security & Manufacturing
Information Security & ManufacturingInformation Security & Manufacturing
Information Security & Manufacturing
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
 
Implementation of security standards and procedures
Implementation of security standards and proceduresImplementation of security standards and procedures
Implementation of security standards and procedures
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control Systems
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cybertopic_2security
Cybertopic_2securityCybertopic_2security
Cybertopic_2security
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
 
gkkwqdqqndqw2121234Security essentials domain 4
gkkwqdqqndqw2121234Security essentials   domain 4gkkwqdqqndqw2121234Security essentials   domain 4
gkkwqdqqndqw2121234Security essentials domain 4
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"Erik Nachbahr "Dealership Technology"
Erik Nachbahr "Dealership Technology"
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
 

Viewers also liked

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4somjaibio003
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
Koen Maris
 
Rafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARPRafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARP
Positive Power Sp. z o.o
 
ALEJE.IT z Positive Power
ALEJE.IT z Positive PowerALEJE.IT z Positive Power
ALEJE.IT z Positive Power
Positive Power Sp. z o.o
 
The human factor
The human factorThe human factor
The human factor
Koen Maris
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersions
shreem industries
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếpsteppe91
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Justeat India
 

Viewers also liked (20)

โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4โครงงานไวรัสคอมพิวเตอร์ 5.4
โครงงานไวรัสคอมพิวเตอร์ 5.4
 
About schroeder
About schroederAbout schroeder
About schroeder
 
Rafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesuRafael Moucka wśród Mentorów E-biznesu
Rafael Moucka wśród Mentorów E-biznesu
 
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
โครงงานเรื่องไวรัสคอมพิวเตอร์ 5.4
 
บทที่ 1
บทที่ 1บทที่ 1
บทที่ 1
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
 
Rafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARPRafael Moucka na konferencji PARP
Rafael Moucka na konferencji PARP
 
R.moucka ecommerce standard
R.moucka   ecommerce standardR.moucka   ecommerce standard
R.moucka ecommerce standard
 
ปก
ปกปก
ปก
 
ALEJE.IT z Positive Power
ALEJE.IT z Positive PowerALEJE.IT z Positive Power
ALEJE.IT z Positive Power
 
ปก
ปกปก
ปก
 
Rafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWDRafael Moucka na Freelance Camp o RWD
Rafael Moucka na Freelance Camp o RWD
 
Css
CssCss
Css
 
The human factor
The human factorThe human factor
The human factor
 
Direct Red 254, Pigment Dispersions
Direct Red 254, Pigment DispersionsDirect Red 254, Pigment Dispersions
Direct Red 254, Pigment Dispersions
 
Basketball
BasketballBasketball
Basketball
 
Cánh hoa duyên kiếp
Cánh hoa duyên kiếpCánh hoa duyên kiếp
Cánh hoa duyên kiếp
 
บทที่ 2
บทที่ 2บทที่ 2
บทที่ 2
 
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-DelhiHoneymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
Honeymoon in nainital | Honeymoon in Nainital From Mumbai-Delhi
 
Lks pengukuran
Lks pengukuranLks pengukuran
Lks pengukuran
 

Similar to The human factor

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
John Rapa
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
herminaprocter
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
SandeepK707540
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
IBM Security
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
FERMA
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
Prime Infoserv
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
Etienne Liebetrau
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptx
KENNEDY GITHAIGA
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
Tudor Damian
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Sal Abramo
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
Symantec
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5Jitendra Tomar
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5Jitendra Tomar
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
SecureCurve
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
PECB
 

Similar to The human factor (20)

CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
1Copyright © 2012, Elsevier Inc. All Rights Reserved.docx
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Cyber Security roadmap.pptx
Cyber Security roadmap.pptxCyber Security roadmap.pptx
Cyber Security roadmap.pptx
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know10 Security Essentials Every CxO Should Know
10 Security Essentials Every CxO Should Know
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Cert adli wahid_iisf2011
Cert adli wahid_iisf2011Cert adli wahid_iisf2011
Cert adli wahid_iisf2011
 
Infocon Bangladesh 2016
Infocon Bangladesh 2016Infocon Bangladesh 2016
Infocon Bangladesh 2016
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
Small%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptxSmall%20Business%20Presentation.pptx
Small%20Business%20Presentation.pptx
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1Marketing Program Overview_Sal A _2012 v2.1
Marketing Program Overview_Sal A _2012 v2.1
 
Symantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global FindingsSymantec 2011 State of Security Survey Global Findings
Symantec 2011 State of Security Survey Global Findings
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
Management Information System 5
Management Information System 5Management Information System 5
Management Information System 5
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

The human factor

1. The Human Factor in Information Technology
Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@baleo.be

2. Introduction
• 75% of security incidents are caused by human error
• Technology-oriented civilization
• General ignorance at all layers of civilization

3. Work environment
• Employees are often clueless about security improvements.
• Incidents are often caused by:
– Configuration error
– Misinterpretation
– Intentional action

4. Design issue
• Techies' needs vs business needs
• Business function vs security
• User-friendliness vs security
• The strength of the design is often its downfall: regular users do not think like those who designed it
• Design should identify human and societal needs

5. Technology
• Technology changes rapidly, resulting in an inability to manage it
• Technology often ties us to our work; instead of making it easier, it makes it worse
• Top-notch technology is expensive and does not guarantee security.
• Implementers are often external and could leave insecure traces, purposely or by error

6. Social engineering
• Art of deception or persuasion
– The exploits
– Human-based social engineering
– Technology-based social engineering

7. Social engineering: The Exploits
• Diffusion of responsibility
• Trust relationships
• Moral duty
• Guilt
• Desire to be helpful
• Cooperation

8. Human-based social engineering
• Impersonation
• The VIP approach
• Shoulder surfing
• Dumpster diving
• Piggybacking
• Third-party approach

9. Technology-based social engineering
• Popup windows
• Mail attachments
• Spam, SPIM, chain emails, hoaxes
• Websites

10. Countermeasures: Building a human firewall
• Convince top management
– Top-down approach
– Prove that security is a business enabler, not only a cost
– According to Gartner, the executive board has 3 major questions when confronted with security issues:
• Is our security policy enforced fairly and consistently?
• Would employees, contractors and partners know if a security violation occurred?
• Would the company know how to handle and react if it recognized a security violation?

11. Countermeasures: Building a human firewall
• Assign and clarify roles/responsibilities
– Separation of duties: do people have the authority?
– Be careful with overlapping duties
– Clear statements from management
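The separation-of-duties and overlapping-duties points on this slide can be checked mechanically against an access-rights export. The following is an added example, not code from the original slides or from the author; the duty names, the toxic-combination matrix and the user-to-role export are all constructed for illustration, and a real matrix would come from the business process owners.

```python
"""Separation-of-duties check over a constructed role assignment export.

Added example, not from the original slides. The roles, the conflict pairs
and the user list are constructed for illustration.
"""
from itertools import combinations

# Pairs of duties one person must not hold together (constructed SoD matrix).
TOXIC_COMBINATIONS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"request_access", "approve_access"}),
    frozenset({"develop_code", "deploy_production"}),
    frozenset({"administer_system", "review_audit_log"}),
}

# Constructed export of user -> roles, as an IAM or HR system might produce it.
ASSIGNMENTS = {
    "alice": {"create_vendor", "approve_payment"},
    "bob":   {"develop_code", "review_audit_log"},
    "carol": {"administer_system", "review_audit_log", "approve_access"},
    "dave":  {"request_access"},
    "erin":  {"develop_code", "deploy_production", "request_access", "approve_access"},
}


def find_sod_violations(assignments, toxic=TOXIC_COMBINATIONS):
    """Return {user: [(duty_a, duty_b), ...]} for every user whose roles
    contain at least one toxic combination; pairs are listed in sorted order."""
    violations = {}
    for user, roles in assignments.items():
        hits = []
        for a, b in combinations(sorted(roles), 2):
            if frozenset({a, b}) in toxic:
                hits.append((a, b))
        if hits:
            violations[user] = hits
    return violations


def overlapping_duties(assignments, min_holders=2):
    """Roles held by several people: the 'overlapping duties' the slide warns
    about, where it is unclear who is accountable for the duty."""
    holders = {}
    for user, roles in assignments.items():
        for role in roles:
            holders.setdefault(role, set()).add(user)
    return {role: sorted(users) for role, users in holders.items()
            if len(users) >= min_holders}


def missing_authority(assignments, required):
    """Duties nobody has been assigned: 'do people have the authority?'"""
    assigned = set().union(*assignments.values())
    return sorted(set(required) - assigned)


if __name__ == "__main__":
    for user, pairs in find_sod_violations(ASSIGNMENTS).items():
        print(f"SoD violation: {user} holds {pairs}")
    print("overlapping duties:", overlapping_duties(ASSIGNMENTS))
    print("unassigned duties:",
          missing_authority(ASSIGNMENTS, ["approve_payment", "declare_incident"]))
```

Run against a real export, the three functions answer the three questions on the slide: who holds conflicting duties, which duties are spread over several people with no clear owner, and which duties nobody has been given the authority for.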
12. Countermeasures: Building a human firewall
• Define an action plan linked to a budget
– Assess the relative value of information assets
– Use a risk assessment approach
– Prioritize asset values to simplify budgeting
– Involve all units

13. Countermeasures: Building a human firewall
• Develop/update the policy framework
– Policies evolve, just as the law does in real life
– Written in language everyone can understand
– Align with business goals; constraining or contradictory policies end up on the forgotten list

14. Countermeasures: Building a human firewall
• Develop an incident response program
– Reduce damage
– Recover quickly and efficiently
– Keep a trace of the security event and learn from it

15. Countermeasures: Building a human firewall
• Develop a security awareness program
– Conduct a survey to find the weak and strong domains
– Repetition is the key to success
– Events happening in the world can be the initiator
– It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, intranet, mails, etc.

16. Countermeasures: Building a human firewall
• Develop a security awareness program
– Senior management
– Mid management
– Staff
– Technical staff

17. Countermeasures: Target audience
• Develop a security awareness program
– Senior management
• Focus on key elements, risk level, loss
• Numerical or statistical approach
• Real-life examples

18. Countermeasures: Target audience
• Develop a security awareness program
– Mid management
• Granular approach on policies, procedures, ...
• In charge of mapping it to the different departments
• Use business examples

19. Countermeasures: Target audience
• Develop a security awareness program
– Staff
• Repetition = key to success
• Split into job-related groups
• Stress the importance of his/her job and the security-related issues involved

20. Countermeasures: Target audience
• Develop a security awareness program
– Technical staff
• Audit trails are often seen as work control
• Security is often integrated only after everything is running
• Convince them that security also protects their work environment

21. Countermeasures: Building a human firewall
• Measure your security awareness efforts
– A quiz is an excellent measurement tool
– Security event statistics can indicate weak spots
– Evaluation forms to learn the current issues and where to improve
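The slide names two measurements, quiz results and security event statistics, without showing how to turn them into a list of weak spots. The following is an added example, not code from the original slides or from the author: it scores a constructed phishing-simulation event log per department across two campaigns, compares it with constructed before/after quiz scores, and refuses to rank departments whose sample is too small for the rate to mean anything. The department names, event log, scores, the 25% click-rate threshold and the minimum sample size of 3 are all assumptions.

```python
"""Measuring awareness efforts from event statistics and quiz scores.

Added example, not from the original slides. All records and thresholds
below are constructed for illustration.
"""
from collections import defaultdict

# Constructed security-event log: (campaign, department, user, event).
# "clicked" = user clicked a simulated phishing link, "reported" = user
# reported the mail, "delivered" = user received it and did nothing.
EVENTS = [
    ("Q1", "finance", "f1", "clicked"), ("Q1", "finance", "f2", "clicked"),
    ("Q1", "finance", "f3", "reported"), ("Q1", "finance", "f4", "delivered"),
    ("Q1", "hr", "h1", "clicked"), ("Q1", "hr", "h2", "delivered"),
    ("Q1", "it", "i1", "reported"), ("Q1", "it", "i2", "reported"),
    ("Q1", "it", "i3", "delivered"), ("Q1", "it", "i4", "clicked"),
    ("Q1", "sales", "s1", "reported"), ("Q1", "sales", "s2", "delivered"),
    ("Q1", "sales", "s3", "delivered"),
    ("Q2", "finance", "f1", "reported"), ("Q2", "finance", "f2", "clicked"),
    ("Q2", "finance", "f3", "reported"), ("Q2", "finance", "f4", "reported"),
    ("Q2", "hr", "h1", "clicked"), ("Q2", "hr", "h2", "clicked"),
    ("Q2", "it", "i1", "reported"), ("Q2", "it", "i2", "reported"),
    ("Q2", "it", "i3", "reported"), ("Q2", "it", "i4", "delivered"),
    ("Q2", "sales", "s1", "clicked"), ("Q2", "sales", "s2", "clicked"),
    ("Q2", "sales", "s3", "reported"),
]

# Constructed quiz scores (0-100) before and after the awareness campaign.
QUIZ = {
    "finance": {"before": [40, 55, 50, 45], "after": [70, 75, 65, 80]},
    "hr":      {"before": [60, 50],         "after": [55, 45]},
    "it":      {"before": [80, 85, 75, 90], "after": [85, 90, 80, 95]},
    "sales":   {"before": [70, 65, 75],     "after": [60, 55, 65]},
}

MIN_SAMPLE = 3  # assumed: below this many recipients a rate is too noisy to act on


def campaign_rates(events, campaign):
    """Per department: recipients, click rate and report rate for one campaign."""
    counts = defaultdict(lambda: {"delivered": 0, "clicked": 0, "reported": 0})
    for camp, dept, _user, event in events:
        if camp != campaign:
            continue
        counts[dept]["delivered"] += 1  # every record is one delivered mail
        if event in ("clicked", "reported"):
            counts[dept][event] += 1
    return {
        dept: {
            "n": c["delivered"],
            "click_rate": c["clicked"] / c["delivered"],
            "report_rate": c["reported"] / c["delivered"],
        }
        for dept, c in counts.items()
    }


def weak_spots(events, before, after, max_click_rate=0.25):
    """Label each department after the campaign: 'weak' if its click rate is
    still above the threshold or got worse, 'ok' otherwise, and
    'insufficient data' when the group is so small that one click would
    swing the rate, so it must not be ranked against the others."""
    b, a = campaign_rates(events, before), campaign_rates(events, after)
    result = {}
    for dept, now in a.items():
        previous = b.get(dept, now)["click_rate"]
        if now["n"] < MIN_SAMPLE:
            result[dept] = "insufficient data"
        elif now["click_rate"] > max_click_rate or now["click_rate"] > previous:
            result[dept] = "weak"
        else:
            result[dept] = "ok"
    return result


def quiz_improvement(quiz):
    """Mean score change per department. The quiz measures knowledge and the
    phishing statistics measure behaviour; a department can improve on one
    and not the other, which is why the slide asks for both."""
    return {
        dept: round(sum(s["after"]) / len(s["after"])
                    - sum(s["before"]) / len(s["before"]), 1)
        for dept, s in quiz.items()
    }


if __name__ == "__main__":
    print(campaign_rates(EVENTS, "Q2"))
    print(weak_spots(EVENTS, "Q1", "Q2"))
    print(quiz_improvement(QUIZ))
```

In the constructed data, finance clicks less after the campaign and its quiz scores rise, sales clicks more and its scores fall, and hr is reported as "insufficient data" rather than as the worst department, even though both of its two recipients clicked: the minimum sample size is the check that keeps a two-person group from dominating the statistics.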
22. The Human Factor: Q & A