Beyond Awareness

Published in: Technology
  • CABEZON
  • Classic approach
  • Phishing is a two-phase scam: first the bank is impersonated, then the customer is impersonated.
  • "The Herald of Free Enterprise"
  • WHO WAS GUILTY FOR THE SINKING?
  • Employee: not measurable, it can only be based on experience -> avoid turnover
  • Check Wikipedia for the Milgram experiment, the Asch experiment, and the Kitty Genovese case
  • Example: "choose passwords that nobody who knows you would guess"
  • Beyond Awareness

    1. Beyond Awareness. 23 February 2006, Infosecurity Iberia 2006
    2. Awareness (slide footer: 22 March, Infosecurity Iberia 2006)
    3. Awareness
         • Best Practices.
         • Compliance with Policies.
         • Risks.
         • Teach to
         • Know and Understand.
    4. Awareness
         • Teach.
         • Convince.
         • Motivate.
    5. Threats
    6. Human Threats
         • Fraud.
         • Scams.
         • Corruption.
         • Blackmail.
    7. Human Threats
         • Tailgating.
         • Uncontrolled visitors.
         • Mail or phone information requests.
         • Forgotten documents in printers, fax, etc.
         • Trust in uniforms.
    8. Technical Threats
         • The user must reach where systems can't:
             • Hoax, Spam, Virus, Phishing, Spyware.
             • Backup copies.
             • Authentication Sharing.
             • Undeleted discarded information.
         • ...but systems should help.
    9. Errors
    10. Errors
    11. Errors 180
    12. Errors
         • An automatic signal for open doors was requested, but not granted.
         • The person who had to close the doors was sleeping.
         • The official who had to check the doors couldn't do it; they were short of personnel and he was busy doing something else.
         • The boat was designed for a different route, so the ramp was too high. For this reason it was ballasted, and the ballast wasn't drained because they were short of time.
         • As they were short of time, the captain started at full throttle, which caused the wave that sank the boat.
    13. Errors
         • Who was guilty for the sinking?
         • NONE OF THE ABOVE.
         • THE MANAGERS, who put the crew in a position where human error was possible and likely.
    14. Irrationality
    15. Attitude
         • Honesty.
         • Loyalty.
         • Professional attitude.
         • Healthy skepticism.
    16. Irrationality
         • Lottery.
         • Milgram and Asch experiments:
             • Respect for Authority.
             • Uncontested Obedience.
             • Response to group pressure.
         • Uniforms.
         • Conformism.
         • Kitty Genovese case.
         • You are more likely to stick to your decisions if you make them public.
    17. Information
    18. Inform
         • "When I hear, I forget, when I see, I remember, when I do, I learn" Confucius (551-479 BC)
         • Positive messages are remembered better than negative ones.
         • Two frequent errors:
             • Too much information.
             • Information too technical.
    19. Inform
         • Communication Media.
             • Posters.
             • Mails.
             • Meetings.
             • Etc.
    20. Tuition
    21. Tuition
    22. Tuition
    23. Tuition
         • Check the message reached the other end.
             • Exams.
             • Surveys.
             • Results.
    24. Motivation
    25. Motivation - Rewards
         • Unpleasant actions: They are better performed without a reward or with a small one.
         • Pleasant actions: Motivation is lost if they are rewarded.
         • Rewards:
             • Material ones.
             • Acknowledgement from your peers.
    26. Motivation - Punishment
         • They are more effective the more likely they are, not the more severe they are.
         • Punishments:
             • Material.
             • Losing face.
    27. Motivation - Persuasion
         • It is far more likely someone will do something if it is felt as his or her own will.
         • It is more likely an action will be taken if we believe in it.
         • To persuade is more difficult than to reward or punish, but far for difficult.
    28. Responsibility
    29. Responsibility
    30. Responsibility
         • Understand the distribution of responsibilities.
         • Assume your own responsibility.
         • Establish barriers to information gathering and collusion.
    31. Responsibility
         • Transparency.
         • Partitioning.
         • Separation.
         • Rotation.
         • Supervision.
    32. Measurement
    33. Measurement
         • Information – Activity.
         • Tuition – Surveys.
         • Trust – (Not possible)
         • Behaviour – Trials, practice.
    34. Summary
         • Inform.
         • Teach.
         • Motivate.
         • Manage.
         • TPSRSR.
    35. THANKS
