Information security incident investigation: The drivers, methods and outcomes Matthew Trump.

Presentation transcript:

Information security incident investigation: The drivers, methods and outcomes Matthew Trump

Overview
IS picture
Parallels with OHS
Resilience Engineering

NB

Research Questions
1. To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation.
2. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved.
3. To produce model guidelines for security incident investigation.

Research Methods
Review Information Security incident reports from both the public and private sector (Freedom of Information Act / ISACA).
Survey investigation leaders (based on HSE report).
Conduct interviews with investigators.

So what?

Pragmatism
An opportunity to "improve the rigour and relevance of IS research" (Goles, 2000).
"The societal value of IS research lies within its possibilities to improve IS practices" (Goldkuhl, 2004).
... this puts "the research question above such considerations as methodology or the underlying world view."

Conceptual model: HROs, OHS, IS

Academic literature review Very little

CompTIA (2010), 8th Annual Global Information Security Trends:
"IT professionals attribute slightly more of the blame for security breaches to human error or shortcomings than technology shortcomings (59% vs. 41%)."
"Additionally, the data suggests the human error factor is on the rise as a cause of security breaches."

The data was encrypted but the password was attached

"human error is an attribution... not an objective fact that can be found by anybody with the right method." Woods et al. (2010)

Parallels between OHS and IS
OHS:
Statement, policy, procedures
Risk analysis
OHSMS
Plan -> Do -> Check -> Act
Driven by Europe
Maturity in waves - Borys et al. (2009)
IS:
Policies, procedures, guidelines
Risk analysis
ISMS
Plan -> Do -> Check -> Act
Driven by Europe
Maturity in waves - von Solms (2000, 2006)

Parallels between OHS and IS
OHS:
Limitations of OHSMS
Limits of safety culture
Increasing complexity
More rules
IS:
Limitations of ISMS
Limits of security culture
Increasing complexity
More rules

Limits of parallels between OHS and IS
OHS:
200 years experience
Social pressure
Powerful regulator
Serious sanctions
Severe outcome
IS:
30? years experience
Do people care?
ICO...
Laughable sanctions
Less severe outcome

Accident causation models
Sequential view
Latent pathogens
Systemic view

Resilience Engineering
"Resilience Engineering looks for ways to enhance the ability of organisations to create processes that are robust yet flexible, to monitor and revise risk models, and to use resources proactively in the face of disruptions or ongoing production and economic pressures."

Erik Hollnagel (1983) Why "Human Error" is a meaningless concept

Organisational utility of "human error" (Cook, R. I. & Nemeth, C. P., 2010)
Defence against entanglement (simplicity)
The illusion of control
A means for distancing
A marker for failed investigations

Human error: old view
Complex systems are fine vs. erratic behaviour of people
Human errors cause accidents
Failure comes as an unpleasant surprise
Old response:
More procedures
More technology
Remove bad apples

Human error: new view
Human error as a symptom of deeper trouble
Not random: connected to tools, tasks and environment
Not an end point for investigations
New response:
Humans are not perfect
Find out why their actions made sense to them

Moving beyond human error (Woods et al., 2010)
Human error is just an attribution
Pursue second stories
Escape hindsight bias
Understand work at the sharp end
Search for systemic vulnerabilities

Human error and hindsight bias
Attribute error to the nearest operator (available)
Work backwards until human input is found
Humans normally do a good job
Quality of process judged by quality of outcome ("should have been obvious")

Accountability and learning
Take a systems perspective
Move beyond blame
Create a just culture

How to answer research questions
Reports
Survey
Investigations

How to answer research questions
Expert evaluation
Model guidelines

Your help
Reports
Survey
Interviews
Investigations
Expert evaluation
Model guidelines