Posted 07-Jul-2015, uploaded by neicher

Page 1: Modelling conflicts

Modelling Conflicts Between Security Compliance and Behaviour

Leron Zinatullin

http://www.zinatullin.com

Page 2

Overview

• Motivation and Goal

• Method

• Contribution

• Conclusion

• Limitations and Future Work

Page 3

Motivation and Goal

• Effectiveness of the security programme

• Security behaviour issues

• Develop a model to support security managers’ decision-making process

Page 4

Literature review

• Security policy and ISO 27001 Standard

• Human behaviour

• Business processes

Page 5

Example scenario

Page 9

Method (steps as read from the flow diagram):

• Visualise the business process of a particular role

• Visualise the security tasks

• Merge the two diagrams together

• Look for clashes

• Distinguish cases of non-compliance due to obstruction of the core business process

• Adjust security controls
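The flow above, worked through as an added example in Python. This is not the author's model or any tool from the deck: it is an illustration of what "merge the two diagrams and look for clashes" can mean once each business step carries a realistic time budget and each security task carries a time cost. The role, steps, tasks, minutes and control labels are all constructed for the example. A clash is an "obstruction" when the blocking security tasks alone push a step past its budget (the case the method wants to separate from careless non-compliance), and "overhead" when only the deferrable tasks tip it over.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Step:
    """One activity in a role's business process (constructed data model)."""
    name: str
    duration_min: float   # time the activity itself takes per occurrence
    budget_min: float     # time the role can realistically give it per occurrence
    per_week: int         # how often it occurs in a typical week


@dataclass
class SecurityTask:
    """A policy-mandated task attached to one business step."""
    name: str
    step: str             # name of the business step it attaches to
    cost_min: float       # extra time per occurrence of the step
    blocking: bool        # True if the step cannot proceed until the task is done
    control: str          # free-text label for the control it implements


@dataclass
class Clash:
    step: str
    tasks: List[str]      # the security tasks that cause the clash
    overrun_min: float    # minutes over the step's budget per occurrence
    kind: str             # "obstruction" or "overhead" (see find_clashes)


def merge(steps: List[Step], tasks: List[SecurityTask]) -> Dict[str, Tuple[Step, List[SecurityTask]]]:
    """Overlay the security-task diagram on the business-process diagram."""
    merged: Dict[str, Tuple[Step, List[SecurityTask]]] = {s.name: (s, []) for s in steps}
    for t in tasks:
        if t.step not in merged:
            raise ValueError(f"security task {t.name!r} refers to unknown step {t.step!r}")
        merged[t.step][1].append(t)
    return merged


def find_clashes(merged: Dict[str, Tuple[Step, List[SecurityTask]]]) -> List[Clash]:
    """Obstruction: blocking tasks alone overrun the budget, so the user must
    skip them to get the core work done. Overhead: only the deferrable tasks
    overrun it, so they will likely be postponed rather than skipped."""
    clashes: List[Clash] = []
    for step, tasks in merged.values():
        blocking = sum(t.cost_min for t in tasks if t.blocking)
        deferrable = sum(t.cost_min for t in tasks if not t.blocking)
        with_blocking = step.duration_min + blocking
        with_all = with_blocking + deferrable
        if with_blocking > step.budget_min:
            clashes.append(Clash(step.name, [t.name for t in tasks if t.blocking],
                                 with_blocking - step.budget_min, "obstruction"))
        elif with_all > step.budget_min:
            clashes.append(Clash(step.name, [t.name for t in tasks if not t.blocking],
                                 with_all - step.budget_min, "overhead"))
    return clashes


def weekly_security_minutes(merged: Dict[str, Tuple[Step, List[SecurityTask]]]) -> float:
    """Total security-task time the role spends per week (the survey's '30 minutes a week' metric)."""
    return sum(t.cost_min * step.per_week for step, tasks in merged.values() for t in tasks)


def prioritise(merged, clashes: List[Clash]) -> List[Tuple[str, float, str]]:
    """Rank clashes by minutes lost per week: where adjusting a control pays off most."""
    per_week = {name: step.per_week for name, (step, _) in merged.items()}
    ranked = [(c.step, c.overrun_min * per_week[c.step], c.kind) for c in clashes]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample: a hypothetical sales role and the security tasks hung on its process.
STEPS = [
    Step("Send client proposal", duration_min=20, budget_min=25, per_week=10),
    Step("Access CRM off-site", duration_min=2, budget_min=5, per_week=5),
    Step("Weekly admin", duration_min=30, budget_min=60, per_week=1),
]
TASKS = [
    SecurityTask("Encrypt attachment", "Send client proposal", 8, True, "cryptography policy"),
    SecurityTask("Check recipient against DLP list", "Send client proposal", 2, True, "information transfer"),
    SecurityTask("VPN with MFA", "Access CRM off-site", 3, True, "remote access"),
    SecurityTask("Security awareness quiz", "Weekly admin", 15, False, "awareness training"),
    SecurityTask("Clear desk check", "Weekly admin", 20, False, "clear desk"),
]

if __name__ == "__main__":
    m = merge(STEPS, TASKS)
    for c in find_clashes(m):
        print(f"{c.kind:11} {c.step}: {c.overrun_min:.0f} min over budget via {c.tasks}")
    print("security minutes per week:", weekly_security_minutes(m))
    print("adjust first:", prioritise(m, find_clashes(m))[0])
```

In the constructed data the proposal step is an obstruction clash (20 min of work plus 10 min of blocking tasks against a 25 min budget, ten times a week), while the admin step only carries deferrable overhead, so the ranking points the security manager at the attachment encryption and DLP check first; that is the kind of adjustment decision the model is meant to support.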

Page 17

To compare views on security compliance behaviour in an organisation

Page 18

Chart: how often participants experience problems with security policy (responses: Never, that I can recall; Once or twice a year; Once every 3 months; Once a month; Weekly; Daily; horizontal axis 0 to 30)

53% of participants experience problems with security policy

Page 19

Chart: time participants spend on security tasks (responses: less than 30 minutes per week; 30-60 minutes per week; more than 1 hour per week)

20% of participants spend more than 30 minutes per week on various security tasks

Page 20

“We work through the user’s role … so we become familiar with particular department’s user activities.”
Security Manager, Energy

“At a high level we are aware. At the detailed process level really only when we are doing a project in that department. When we need to understand the process within the project.”
Security Manager, Investment Bank

Page 21

To validate the model

Page 22

“This model will be relevant to any business. I don’t think many have considered practically addressing this dimension of security in their organisations.”
Security Manager, Professional Services

“As a result you can make a decision to implement a technology solution … The cost of such implementation would be justified by your model. It will save users’ time and you can get security benefit as well.”
Security Manager, Investment Bank

Page 23

Conclusion

• ISO 27001 Standard is not enough

• Better understanding of the users

• Support decision-making process

Page 24

Limitations and Future Work

• Other frameworks and regulations

• Drawbacks of the sample

• Information comes from different contexts
