Design Thinking in ICT security

Delivering business value

from a fresh approach

Difficulties for security Afterthought

Fixing a problem, not

designing a feature

Overhead, Hindrance,

Inconvenience

Jarring for users

Not part of product

design

Can Design Thinking

help?

What is design thinking?

‘the collaborative process by which the

designer’s sensibilities and methods are

employed to match people’s needs with

what is technically feasible and a

viable business strategy.’ – Tim Brown

Ideo.

Reliability Intuition

Design

Thinking

Science Art

Build rapid prototypes

of ideas, focused on a

particular area.

‘Lo-fidelity’ to show

potential - not

problems.

Design thinking approach

Gain basic knowledge

to ask the right

questions.

Empathy with target

users. Watch what

they do, not what

they say. Ask “why?”

Develop a point of

view statement.

User + need + insight

Based on POV,

generate as many

ideas as possible.

Take findings from

prototypes back to

assumptions and

validate.

http://www.slideshare.net/mikeyk/intro-to-design-thinking

Understand Observe Synthesise Ideate Prototype Iterate

Inspiration Ideation Implementation

Design thinking works

http://ns-design.com/sherwinwilliams.php

Education Insight

http://moraveji.org/projects_med.html

User

+

Need

+

Insight

Can Design

Thinking be

applied to ICT

security?

Hint – the traffic cop

approach is not the

best answer...

Consumer

Choice

Employee

Rule (ouch)

Tactical

security models

hurt users

Benefits are

invisible

Security as

strategy?

Behaviour on unseen risks

http://www.youtube.com/watch?v=h-8PBx7isoM

ANZ Security

http://www.youtube.com/watch?v=Fqr7-9dT17E

Checkin security

User

+

Need

+

Insight

Conditions for design thinking

• Needs different kind of

leadership

– Promote exploitation and

exploration

– Move away from reliability and

onto validity

• If you’re not the CEO

– Become a design champion

– Stance, tools, experiences

How can You become a

design thinker? • Stance

– Step away from reliability model

– Priority on seeking validity and

advances in knowledge

• Tools

– Noticing, analysing, synthesising

• Experiences

– Mastery of local domain

– Continuous improvement

– External models which can help

Flow Stance - who am

I and what am I

trying to achieve?

Tools – what do I use to

organise my thinking

and understand the

world?

Experiences – what

can I use to build

my selection of

sensitivities and

skill?

Guide

Inform

Guide

Inform

Takeaways

• Design thinking promotes

divergent approaches in business

• Involves thinkers from across the

business

• Creates conditions for revolution,

gets out of evolution.

• Security needs to play in the

business to get the benefits

• Security projects become change

projects too!

Some reading

Thank You

Gil Carter

gcarter@businessaspect.com.au