Beyond Awareness

23 February 2006 Infosecurity Iberia 2006 1 Beyond Awareness


Page 1: Beyond Awareness

Beyond Awareness

Page 2: Beyond Awareness

22 March 2006

Infosecurity Iberia 2006 2

Awareness

Page 3: Beyond Awareness

•Best Practices.

•Compliance with Policies.

•Risks.

•Teach to

•Know and Understand.

Awareness

Page 4: Beyond Awareness

•Teach

•Convince.

•Motivate.

Awareness

Page 5: Beyond Awareness

Threats

Page 6: Beyond Awareness

•Fraud.

•Scams.

•Corruption.

•Blackmail.

Human Threats

Page 7: Beyond Awareness

•Tailgating.

•Uncontrolled visitors.

•Mail or phone information requests.

•Documents forgotten in printers, fax machines, etc.

•Trust in uniforms.

Human Threats

Page 8: Beyond Awareness

•The user must reach where systems can’t.

•Hoax, Spam, Virus, Phishing, Spyware.

•Backup copies.

•Authentication Sharing.

•Undeleted discarded information.

•...but systems should help.

Technical Threats

Page 9: Beyond Awareness

Errors

Page 10: Beyond Awareness

Errors

Page 11: Beyond Awareness

Errors

180

Page 12: Beyond Awareness

•An automatic signal for open doors was requested, but not granted.

•The person who had to close the doors was sleeping.

•The official who had to check the doors couldn’t do it: they were short of personnel and he was busy doing something else.

•The boat was designed for a different route, so the ramp was too high. For this reason it was ballasted, and the ballast wasn’t drained because they were short of time.

•As they were short of time, the captain started at full throttle, which caused the wave that sank the boat.

Errors

Page 13: Beyond Awareness

•Who was guilty for the sinking?

•NONE OF THE ABOVE.

•THE MANAGERS who put the crew in a position where human error was possible and likely.

Errors

Page 14: Beyond Awareness

Irrationality

Page 15: Beyond Awareness

•Honesty.

•Loyalty.

•Professional attitude.

•Healthy skepticism.

Attitude

Page 16: Beyond Awareness

Irrationality

•Lottery.

•Milgram and Asch experiments:

•Respect to Authority.

•Uncontested Obedience.

•Response to group pressure.

•Uniforms.

•Conformism.

•Kitty Genovese case.

•You are more likely to stick to your decisions if you make them public.

Page 17: Beyond Awareness

Information

Page 18: Beyond Awareness

• “When I hear, I forget, when I see, I remember, when I do, I learn” Confucius (551-479 BC)

•Positive messages are remembered better than negative ones.

•Two frequent errors:

•Too much information.

•Information too technical.

Inform

Page 19: Beyond Awareness

•Communication Media.

•Posters.

•Mails.

•Meetings.

•Etc.

Inform

Page 20: Beyond Awareness

Tuition

Page 21: Beyond Awareness

Tuition

Page 22: Beyond Awareness

Tuition

Page 23: Beyond Awareness

•Check the message reached the other end.

•Exams.

•Surveys.

•Results.

Tuition

Page 24: Beyond Awareness

Motivation

Page 25: Beyond Awareness

•Unpleasant actions: They are better performed without a reward or with a small one.

•Pleasant actions: Motivation is lost if they are rewarded.

•Rewards:

•Material ones.

•Acknowledgement from your peers.

Motivation - Rewards

Page 26: Beyond Awareness

•They are more effective the more likely they are, not the more severe they are.

•Punishments:

•Material.

•Losing face.

Motivation - Punishment

Page 27: Beyond Awareness

•It is far more likely someone will do something if it is felt as his or her own will.

•It is more likely an action will be taken if we believe in it.

•To persuade is more difficult than reward or punish, but far for difficult.

Motivation - Persuasion

Page 28: Beyond Awareness

Responsibility

Page 29: Beyond Awareness

Responsibility

Page 30: Beyond Awareness

•Understand the distribution of responsibilities.

•Assume your own responsibility.

•Establish barriers to information gathering and collusion.

Responsibility

Page 31: Beyond Awareness

•Transparency.

•Partitioning.

•Separation.

•Rotation.

•Supervision.

Responsibility

Page 32: Beyond Awareness

Measurement

Page 33: Beyond Awareness

•Information – Activity.

•Tuition – Surveys.

•Trust – (Not possible)

•Behaviour – Trials, practice.

Measurement

Page 34: Beyond Awareness

•Inform.

•Teach.

•Motivate.

•Manage.

•TPSRSR.

Summary

Page 35: Beyond Awareness

THANKS