
Human Element In Security


  1. THE HUMAN ELEMENT IN SECURITY
  2. • To err is human, but to really foul things up requires a computer.
     • Computers are unreliable, but humans are even more unreliable. Any system which depends on human reliability is unreliable.
  3. In this world ……
  4. In this world …. Where
  5. You have No Perimeter In this world ……
  6. In this world …
  7. In this world …… When hackers are becoming increasingly sophisticated
  8. Whom Can You Trust?
  9. Information Security: process, technology, people. ARE YOU REVEALING TOO MUCH?
  10. SECURITY IS A PEOPLE PROBLEM
  11. The Human Nature
     • Careless
     • Lazy
     • Inquisitive
     • Resists Change
     • Gullible – Can be deceived
     • Social Animal
  12. Human Factor – The other side
     • Committed when motivated
     • Result oriented
     • Intelligent animal
     • Sometimes unsocial
  13. Building the Human Firewall
  14. End User is the Key to Security: Sec U R iT y
  15. Awareness + Accountability = Information Security Readiness
     Problem: Human factors represent the greatest challenge.
     Solution: A Security Awareness Program
     • Enables every employee to become
     • Brings Accountability
     Awareness Training is no longer Optional
  16. SECURITY AWARENESS LADDER
     Climbing the AWARENESS ladder from
     • Blissful ignorance
     • Growing Recognition
     • Understanding
     • Positive Actions -- Responsive
     • “Thinking Security” - Reduced Losses
  17. Audience
     • Everyone: All Employees, Partners and Contractors
     • Separate Messages crafted for general users, management and technical staff
     • Groups of New or Existing Employees - Time Frame
  18. Supporting Communication Tools: Screen Savers, Reminder Cards, Posters
  19. Social Campaign
     • POSTERS
     • NEWSLETTERS
     • ARTWORK
     • YEAR-ROUND PROGRAM
  20. Social Campaign
  21. ARTWORK
  22. Hard Facts
     • Physical Security is no longer sufficient
     • Overreliance on technology cannot protect you
     • Awareness and training is a must.
     • A security breach on your system affects YOU!!

Editor's Notes

  • IT people are remembered all the time when things go wrong
    AND
    Murphy's law applies to all IT people.
  • “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data... There’s a war out there... and it’s not about who’s got the most bullets. It’s about who controls the information.”
    Where Goths, Vandals and Talibans were earlier required to bring down the infrastructure,
    today a lean geek can cause similar damage with a few strokes of zeros and ones.
  • CISOs have spent the past few years
    perfecting digging moats around the corporate castle.
    Now, as they lift their heads out of the trenches,
    they find themselves living in the age
    of bomber planes and guided missiles
  • A single worm can cause chaos and cost a lot of money.
  • By bringing in blended threats,
    reducing the exploit time, and
    using new technology: targeted attacks, modular threat vectors.
  • Who? Who? ... Your consultant, or your vendor, or your IT staff ... it is you yourself ... each one of you.
    The answer is your employees:
    Employees are the ones who use the information assets. They are the ones closest to these assets and the ones most affected by a security incident, hence the onus of protection falls on them first.
    They can be the human firewall your organization needs for protection against the numerous threats out in the open.
  • It’s all about People, Process and Technology – Technology is the smallest part and the easiest to control!!
    Neither process nor technology will do any good if the people are not adequately trained. People need to be aware of what the current threats are, and what to do about them. They need to know what protection mechanisms are in place, be they a technical solution or a process.
  • Tell a man there are 300 billion stars in the universe and he'll believe you. Tell him a bench has wet paint on it and he'll have to touch to be sure.
    PEOPLE PROBLEM
    All technical people view computer security as a technology problem. They use sophisticated hardware and software solutions to control access and prevent fraud. The reality is that computer security is a people problem.
  • Human Firewall -- Most vulnerable – they are prone to accidents, can make mistakes/errors, and may sometimes even have malicious intent.
    Employees are the greatest threat to information security.
    Caused by:
    Inexperience
    Improper training
    Incorrect assumptions
    Other circumstances
    HOW CAN WE CLOSE THE GAPS IN THIS HUMAN FIREWALL?
  • Security awareness must be delivered through an ongoing, continuous program, as opposed to a finite set of activities.
    Despite significant investment in technology and infrastructure, human factors represent the greatest challenge in achieving information security readiness.
  • Campaign
    Raising awareness is similar to commercial advertising or social marketing, such as the campaigns to reduce smoking or decrease the use of alcohol.
    Behavioral change is what we are aiming at.
