design thinking in ict security - business aspect · delivering business value from a fresh...
TRANSCRIPT
Design Thinking in ICT security
Delivering business value
from a fresh approach
Difficulties for security Afterthought
Fixing a problem, not
designing a feature
Overhead, Hindrance,
Inconvenience
Jarring for users
Not part of product
design
Can Design Thinking
help?
What is design thinking?
‘the collaborative process by which the
designer’s sensibilities and methods are
employed to match people’s needs with
what is technically feasible and a
viable business strategy.’ – Tim Brown
Ideo.
Reliability Intuition
Design
Thinking
Science Art
Build rapid prototypes
of ideas, focused on a
particular area.
‘Lo-fidelity’ to show
potential - not
problems.
Design thinking approach
Gain basic knowledge
to ask the right
questions.
Empathy with target
users. Watch what
they do, not what
they say. Ask “why?”
Develop a point of
view statement.
User + need + insight
Based on POV,
generate as many
ideas as possible.
Take findings from
prototypes back to
assumptions and
validate.
http://www.slideshare.net/mikeyk/intro-to-design-thinking
Understand Observe Synthesise Ideate Prototype Iterate
Inspiration Ideation Implementation
Design thinking works
http://ns-design.com/sherwinwilliams.php
Education Insight
http://moraveji.org/projects_med.html
User
+
Need
+
Insight
Can Design
Thinking be
applied to ICT
security?
Hint – the traffic cop
approach is not the
best answer...
Consumer
Choice
Employee
Rule (ouch)
Tactical
security models
hurt users
Benefits are
invisible
Security as
strategy?
Behaviour on unseen risks
http://www.youtube.com/watch?v=h-8PBx7isoM
ANZ Security
http://www.youtube.com/watch?v=Fqr7-9dT17E
Checkin security
User
+
Need
+
Insight
Conditions for design thinking
• Needs different kind of
leadership
– Promote exploitation and
exploration
– Move away from reliability and
onto validity
• If you’re not the CEO
– Become a design champion
– Stance, tools, experiences
How can You become a
design thinker? • Stance
– Step away from reliability model
– Priority on seeking validity and
advances in knowledge
• Tools
– Noticing, analysing, synthesising
• Experiences
– Mastery of local domain
– Continuous improvement
– External models which can help
Flow Stance - who am
I and what am I
trying to achieve?
Tools – what do I use to
organise my thinking
and understand the
world?
Experiences – what
can I use to build
my selection of
sensitivities and
skill?
Guide
Inform
Guide
Inform
Takeaways
• Design thinking promotes
divergent approaches in business
• Involves thinkers from across the
business
• Creates conditions for revolution,
gets out of evolution.
• Security needs to play in the
business to get the benefits
• Security projects become change
projects too!
Some reading