Beyond Awareness
23 February 2006 Infosecurity Iberia 2006 1
22 March 2006
Infosecurity Iberia 2006 2
Awareness
Awareness
•Best Practices.
•Compliance with Policies.
•Risks.
•Teach to
•Know and Understand.
Awareness
•Teach.
•Convince.
•Motivate.
Threats
Human Threats
•Fraud.
•Scams.
•Corruption.
•Blackmail.
Human Threats
•Tailgating.
•Uncontrolled visitors.
•Mail or phone information requests.
•Forgotten documents in printers, faxes, etc.
•Trust in uniforms.
Technical Threats
•The user must reach where systems can’t.
•Hoax, Spam, Virus, Phishing, Spyware.
•Backup copies.
•Authentication Sharing.
•Undeleted discarded information.
•...but systems should help.
Errors
Errors
Errors
180
Errors
•An automatic signal for open doors was requested, but not granted.
•The person who had to close the doors was sleeping.
•The official who had to check the doors couldn’t do it: they were short of personnel and he was busy doing something else.
•The boat was designed for a different route, so the ramp was too high. For this reason it was ballasted, and the ballast wasn’t drained because they were short of time.
•As they were short of time, the captain started at full throttle, which caused the wave that sank the boat.
Errors
•Who was guilty of the sinking?
•NONE OF THE ABOVE.
•THE MANAGERS who put the crew in a position where human error was possible and likely.
Irrationality
Attitude
•Honesty.
•Loyalty.
•Professional attitude.
•Healthy skepticism.
Irrationality
•Lottery.
•Milgram and Asch experiments:
•Respect for Authority.
•Uncontested Obedience.
•Response to group pressure.
•Uniforms.
•Conformism.
•Kitty Genovese case.
•You are more likely to stick to your decisions if you make them public.
Information
Inform
•“When I hear, I forget; when I see, I remember; when I do, I learn.” Confucius (551-479 BC)
•Positive messages are remembered better than negative ones.
•Two frequent errors:
•Too much information.
•Information too technical.
Inform
•Communication Media.
•Posters.
•Mails.
•Meetings.
•Etc.
Tuition
Tuition
Tuition
Tuition
•Check the message reached the other end.
•Exams.
•Surveys.
•Results.
Motivation
Motivation - Rewards
•Unpleasant actions: They are better performed without a reward or with a small one.
•Pleasant actions: Motivation is lost if they are rewarded.
•Rewards:
•Material ones.
•Acknowledgement from your peers.
Motivation - Punishment
•They are more effective the more likely they are, not the more severe they are.
•Punishments:
•Material.
•Losing face.
Motivation - Persuasion
•It is far more likely someone will do something if it is felt as his or her own will.
•It is more likely an action will be taken if we believe in it.
•To persuade is more difficult than to reward or punish, but far for difficult.
Responsibility
Responsibility
Responsibility
•Understand the distribution of responsibilities.
•Assume your own responsibility.
•Establish barriers to information gathering and collusion.
Responsibility
•Transparency.
•Partitioning.
•Separation.
•Rotation.
•Supervision.
Measurement
Measurement
•Information – Activity.
•Tuition – Surveys.
•Trust – (Not possible)
•Behaviour – Trials, practice.
Summary
•Inform.
•Teach.
•Motivate.
•Manage.
•TPSRSR.
THANKS