Published by Candice Bareford. Modified over 9 years ago.
Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be

The Human Factor in Information Technology

Introduction

75% of security incidents caused by human error
Technology oriented civilization
General ignorance in all layers of the civilization

Work environment

Employees often clueless about security improvements.
Incidents often caused by:
  – Configuration error
  – Misinterpretation
  – Intentional action

Design issue

Techies' needs vs business needs
Business function vs security
User-friendly vs security
The strength of the design is often its downfall.
Regular users do not think like those who designed it
Design should identify human and societal needs

Technology

Technology changes rapidly, resulting in an inability to manage it
Technology often ties us to our work and, instead of making it easier, makes it worse
Top notch technology is expensive and does not guarantee security.
Implementers are often external and could leave insecure traces, purposely or by error

Social engineering

Art of deception or persuasion
  – The exploits
  – Human based social engineering
  – Technology based social engineering

Social engineering
The Exploits

Diffusion of responsibility
Trust relationships
Moral duty
Guilt
Desire to be helpful
Cooperation

Human based Social engineering

Impersonation
The VIP approach
Shoulder surfing
Dumpster diving
Piggy backing
Third party approach

Technology Social engineering

Popup windows
Mail attachments
Spam, Spim, chain emails, hoaxes
Websites

Countermeasures
Building a human firewall

Convince top management
  – Top down approach
  – Prove security is a business enabler, not only a cost enabler.
  – According to Gartner the executive board has 3 major questions when confronted with security issues:
    – Is our security policy enforced fairly and consistently?
    – Would employees, contractors and partners know if a security violation occurred?
    – Would the company know how to handle and react if they recognize a security violation?

Countermeasures
Building a human firewall

Assign and clarify roles/responsibilities
  – Separation of duties, do people have the authority
  – Careful with overlapping duties
  – Clear statements from management

Countermeasures
Building a human firewall

Define an action plan linked to a budget
  – Assessment of relative value of information assets
  – Use a risk assessment approach
  – Prioritize asset values to simplify budgeting
  – Involve all units

Countermeasures
Building a human firewall

Develop/update the policy framework
  – Policies evolve just as the law does in real life
  – Written in language everyone can understand
  – Align with business goals; constraining or contradictory policies end up on the forgotten list

Countermeasures
Building a human firewall

Develop incident response program
  – Reduce damage
  – Recover quickly and efficiently
  – Keep a trace of the security event, learn from it

Countermeasures
Building a human firewall

Develop a security awareness program
  – Conduct a survey to find the weak and strong domains
  – Repetition is the key to success
  – Events happening in the world could be the initiator
  – It should not be limited to a one-shot effort. Use any means possible, such as quizzes, posters, intranet, mails, etc.

Countermeasures
Building a human firewall

Develop a security awareness program
  – Senior management
  – Mid management
  – Staff
  – Technical staff

Countermeasures
Target audience

Develop a security awareness program
  – Senior management
    – Focus on key elements, risk level, loss
    – Numerical or statistical approach
    – Examples from real life

Countermeasures
Target audience

Develop a security awareness program
  – Mid management
    – Granular approach on policies, procedures, …
    – In charge of mapping it to different departments
    – Use business examples

Countermeasures
Target audience

Develop a security awareness program
  – Staff
    – Repetition = key to success
    – Split into job related groups
    – Stress the importance of his/her job and the security related issues involved

Countermeasures
Target audience

Develop a security awareness program
  – Technical Staff
    – Audit trails often seen as work control
    – Often integrate security after everything is running
    – Convince them security also protects their work environment

Countermeasures
Building a human firewall

Measure your security awareness efforts
  – A quiz is an excellent tool to measure
  – Security event statistics can indicate weak spots
  – Evaluation forms to gain knowledge of current issues and where to improve

The Human Factor

Q & A