She looks trustworthy
I’m gonna steal your toys




The difference between the “Reality” and “Feeling” of Security

Anup Narayanan, Founder & CEO, Information Security Quotient (ISQ)
Focus of the talk

  • The Human Factor in Information Security
  • From “Security Awareness” to “Security Awareness and Competence”
  • Solution model
  • What are others doing?
Awareness

I know the traffic rules….

Competence?

Does it guarantee that I am a good driver?
Awareness >> Behaviour >> Culture

  Awareness:               • I know
  Behaviour (Competence):  • I do
  Culture:                 • We know and do

An organization must aim for a responsible security culture
What do organizations need?

A system that periodically shows the current Security Awareness and Competence Levels

  Awareness score is 87%    (scale: LOW AWARENESS / MEDIUM AWARENESS / HIGH AWARENESS)
  Competence score is 65%   (scale: LOW COMPETENCE / MEDIUM COMPETENCE / HIGH COMPETENCE)
The power of perception

Why do people make security mistakes?

Imagine…

Nelson Mandela walks into this room right now and offers you this glass of water….

Will you accept it?

Now, imagine this…

This man walks into this room right now and offers you this glass of water….

Will you accept it?
Question

Which water did you accept?

Why?

Analysis

Were you checking the water or the person serving the water?

People decide what is good and what is bad based on “trust”.
Perception is influenced by trust.
Why must we address the human factor?

(or)

Is the human factor worth addressing?
Case Study 1

LinkedIn Password leak

The most popular passwords in LinkedIn

  link       jesus
  1234       connect
  work       monkey
  god        123456
  job        michael
  12345      jordan
  angel      dragon
  the        soccer
  ilove      killer
  sex        pepper
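A list like the one above is exactly what a password policy should reject before an attacker gets to try it. The following is an added example, not code from the talk or from ISQ: it screens a candidate password against the slide's twenty entries and also catches the simple variants (capitalisation, a trailing year, leetspeak) that make people believe a popular password has become safe. The top-20 list is the slide's; the leetspeak map, the stripping of leading and trailing digits and symbols, and the four-letter minimum for substring matches are assumptions chosen for illustration.

```python
"""Screen a candidate password against the popular LinkedIn passwords on the
slide.  Added example, not part of the talk: the top-20 list is the slide's;
the normalisation rules (leetspeak map, stripping of leading/trailing
digits and symbols, 4-letter minimum for substring matches) are assumptions."""

import re

# The twenty most popular leaked passwords as listed on the slide.
LINKEDIN_TOP20 = [
    "link", "1234", "work", "god", "job", "12345", "angel", "the", "ilove", "sex",
    "jesus", "connect", "monkey", "123456", "michael", "jordan", "dragon",
    "soccer", "killer", "pepper",
]

# Assumed leetspeak substitutions so that "M1ch@el" reduces to "michael".
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

# Leading and trailing runs of non-letters ("2012michael!" -> "michael").
_EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")


def candidate_forms(password):
    """Yield progressively more aggressive normalisations of the password,
    from the exact lower-cased string to a leetspeak-decoded core."""
    low = password.lower()
    yield low
    yield _EDGES.sub("", low)                    # Michael2012! -> michael
    yield _EDGES.sub("", low.translate(_LEET))   # m1ch@el      -> michael


def check_password(password, blocklist=LINKEDIN_TOP20):
    """Return (blocked, matched_entry).  A password is blocked if any of its
    normalised forms equals a popular password, or contains an alphabetic
    popular password of at least four letters ("Dragon2012" is no safer than
    "dragon" against an attacker who tries the popular list first)."""
    entries = set(blocklist)
    words = [b for b in blocklist if b.isalpha() and len(b) >= 4]
    for form in candidate_forms(password):
        if not form:               # an all-digit password strips to nothing
            continue
        if form in entries:
            return True, form
        for word in words:
            if word in form:
                return True, word
    return False, None


def audit(passwords, blocklist=LINKEDIN_TOP20):
    """Share (percent, rounded) of a sample of passwords that would be blocked."""
    blocked = sum(check_password(p, blocklist)[0] for p in passwords)
    return round(100 * blocked / len(passwords))


if __name__ == "__main__":
    # Constructed sample, not leaked data.
    sample = ["michael", "Michael2012!", "M1ch@el", "dr4g0n!", "123456",
              "Tr0ub4dor&3", "correct horse battery staple"]
    for p in sample:
        print(f"{p!r:32} -> {check_password(p)}")
    print(f"{audit(sample)}% of the sample would be rejected")
```

The three normalisation stages are deliberately ordered from exact to aggressive so that the reason reported to the user names the popular entry their password is built on; in a real deployment the blocklist would be the full leaked corpus rather than the slide's twenty, and the substring rule should be tuned to the false positives it produces (with a four-letter minimum, "network" is rejected because it contains "work").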
Analysis

You may think you are safe when you are actually not

People get more terrified thinking of getting eaten by a shark than of dying of a heart attack…..but more people die of heart attacks
Analysis

People exaggerate risks that are abnormal

Adrenoleukodystrophy

More kids die choking on french fries than of adrenoleukodystrophy
Reason 1: Security is both a “Reality” and “Feeling”

For security practitioners security is a “Reality” based on the mathematical probability of risks

For the end user security is a “feeling”

Success lies in influencing the “feeling” of security
Reason 2: Not every attack(er) is that smart

People exaggerate risks that are spectacular or uncommon: So what? RSA was hacked

[Figure: risk severity / attacker smartness / attack efficiency (vertical axis, levels 1 to 4) plotted against control efficiency (horizontal axis); control layers labelled on the right: Technology & Processes, Awareness & Competence]

  1  Automatic security controls – AV, Updates
  2  Technology + Human – Firewall configuration, Choosing a secure Wifi
  3  Human – Recognizing a zero day attack, Phishing mails, Not posting business information in social media
  4  The very smart attacker
Reason 3: Technology…yes, but humans…of course!

Aircraft have become more advanced, but does it mean that pilot training requirements have reduced?

Medical technology has become more advanced, but will you choose a hospital for its machines or its doctors?
The Solution Model

Security Awareness and Competence Management

The solution is based on HIMIS

 • HIMIS – Human Impact Management for Information Security
 • Released under Creative Commons License
 • Free for Non-Commercial Use

http://www.isqworld.com/himis
1. Awareness Vs. Competence

Consider both “Awareness” and “Competence” independently

  Security Risk analysis  >>  Identify the human factor  >>  Awareness               >>  Assess, Improve, Re-assess
                                                             Behaviour (Competence)

ESP – Expected Security Practice
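The point of measuring awareness and competence separately is that they diverge: people who know an expected security practice do not necessarily follow it. As an added example (not part of the talk, and not HIMIS itself), the following computes the two scores independently from per-person, per-ESP assessment records, bands them LOW / MEDIUM / HIGH as on the score slides, and lists the practices with the largest know-but-don't-do gap, which is where more awareness material will not help and behaviour has to be trained and re-measured. The record format, the band cut-offs (80 and 50 percent) and the sample records are all assumptions; the slides show the bands but give no thresholds.

```python
"""Compute Security Awareness and Competence scores independently and band
them, as the talk's model asks.  Added example, not part of the talk or of
HIMIS: the record format, band thresholds and sample data are assumptions."""

from collections import defaultdict

# Constructed assessment records: one per (person, Expected Security Practice).
#   knows: answered the awareness question about this ESP correctly
#   does:  observed following the practice (e.g. reported the simulated phish)
RECORDS = [
    # person,  ESP,                                knows, does
    ("alice", "report phishing mail",              True,  True),
    ("alice", "lock screen when away",             True,  False),
    ("alice", "no business info on social media",  True,  True),
    ("bob",   "report phishing mail",              True,  False),
    ("bob",   "lock screen when away",             True,  True),
    ("bob",   "no business info on social media",  False, False),
    ("carol", "report phishing mail",              True,  False),
    ("carol", "lock screen when away",             True,  True),
    ("carol", "no business info on social media",  True,  True),
    ("dave",  "report phishing mail",              True,  False),
    ("dave",  "lock screen when away",             False, False),
    ("dave",  "no business info on social media",  True,  True),
]

# Assumed band cut-offs in percent; the slides show the bands but no numbers.
BANDS = ((80, "HIGH"), (50, "MEDIUM"), (0, "LOW"))


def band(score):
    """Map a percentage score to the LOW / MEDIUM / HIGH band."""
    for threshold, label in BANDS:
        if score >= threshold:
            return label


def scores(records):
    """Return (awareness %, competence %), each measured on its own so that a
    high awareness score cannot mask a low competence score."""
    n = len(records)
    awareness = 100 * sum(1 for r in records if r[2]) / n
    competence = 100 * sum(1 for r in records if r[3]) / n
    return round(awareness), round(competence)


def know_do_gap(records):
    """Per ESP, the percentage of people who know the practice but were not
    seen doing it.  These are the practices to target in the Improve step
    before the next re-measurement."""
    knows = defaultdict(int)
    knows_not_does = defaultdict(int)
    for _, esp, k, d in records:
        if k:
            knows[esp] += 1
            if not d:
                knows_not_does[esp] += 1
    return {esp: round(100 * knows_not_does[esp] / knows[esp]) for esp in knows}


if __name__ == "__main__":
    aw, co = scores(RECORDS)
    print(f"Awareness score is {aw}% ({band(aw)} AWARENESS)")
    print(f"Competence score is {co}% ({band(co)} COMPETENCE)")
    for esp, gap in sorted(know_do_gap(RECORDS).items(), key=lambda kv: -kv[1]):
        print(f"  know-but-don't-do gap {gap:3d}%  {esp}")
```

On the constructed records the organisation scores HIGH on awareness but only MEDIUM on competence, and the gap table shows that phishing reporting is the practice everyone knows and most people still skip; re-running the same two computations after the next drip of training is the "Re-measure frequently" step.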
2. Visualize, engage ….and influence perception

3. Remember drip irrigation

Which is more effective – Drip irrigation or spraying a lot of water once a day?

Small doses, more frequent
4. Re-measure frequently

  Organization’s awareness score was 87%    (LOW AWARENESS / MEDIUM AWARENESS / HIGH AWARENESS)    re-measured: ?
  Organization’s competence score was 65%   (LOW COMPETENCE / MEDIUM COMPETENCE / HIGH COMPETENCE)  re-measured: ?

Threat forecast
Emerging threats 2013 (report by ISF)

    • Natural disasters
    • Diminishing end user security awareness
    • Moving to cloud
    • Social media proliferation & data leaks
    • Corporate frauds
    • Attacks using GPS tracking
    • Economic espionage
    • Introduction of new devices (smart phones etc.)
    • Online leaks
    • Fast development and release of apps without testing
    • Smart outsourcing resulting in less workforce loyalty
Summary

[Diagram: Information at the centre, surrounded by Technology (Firewall), People and Process]

Technology and processes are only as good as the people that use them
Let’s switch ON the Human Layer of Information Security Defence

Thank You
Anup Narayanan
www.isqworld.com
