Human Element In Security
2 likes722 views
Human factors present the greatest challenge to information security. While computers are unreliable, humans are even more unreliable. Any system that depends on human reliability will itself be unreliable. The solution is a security awareness program that enables every employee to become aware and accountable, bringing accountability. Such a program climbs the awareness ladder from ignorance to understanding and positive, security-thinking actions through continuous communication tools like screen savers, reminders, and posters as part of a year-round social campaign.
Human Element In Security
- 1. THE HUMAN ELEMENT IN SECURITY
- 2. • To err is human, but to really foul things up requires a computer. • Computers are unreliable, but humans are even more unreliable. Any system which depends on human reliability is unreliable.
- 4. In this world …. Where
- 5. You have No Perimeter In this world ……
- 6. In this world …
- 7. In this world …… When hackers are becoming increasingly sophisticated
- 8. Whom Can You Trust?
- 9. Information Security processtechnology people ARE YOU REVEALING TOO MUCH ?
- 10. SECURITY IS A PEOPLE PROBLEM
- 11. The Human Nature • Careless • Lazy • Inquisitive • Resists Change • Gullible – Can be deceived • Social Animal
- 12. Human Factor – The other side • Committed when motivated • Result oriented • Intelligent animal • Sometimes unsocial
- 14. Building the Human Firewall
- 15. End User is the Key to Security Sec U R iT y
- 16. Awareness + Accountability = Information Security Readiness Problem: Human factors represent the greatest challenge. Solution: A Security Awareness Program •Enables every employee to become •Brings Accountability Awareness Training is no longer Optional
- 17. SECURITY AWARENESS LADDER Climbing the AWARENESS ladder from • Blissful ignorance • Growing Recognition • Understanding • Positive Actions -- Responsive • “Thinking Security” - Reduced Losses
- 18. Audience • Everyone: All Employees, Partners and Contractors • Separate Messages crafted for general users, management and technical staff • Groups of New or Existing Employee - Time Frame
- 19. Supporting Communication Tools Screen Savers Reminder Cards Posters
- 21. Social Campaign
- 24. ARTWORK
- 25. Hard Facts • Physical Security is no longer sufficient • Over reliance on technology cannot protect you • Awareness and training is a must. • Security breach on your system affects YOU !!
Editor's Notes
- #3: IT people are remembered all the time when things go wrong AND Murphys law applies to all IT people.
- #5: "The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data... There’s a war out there... and it’s not about who’s got the most bullets. It’s about who controls the information.“ Where GothsVandals Talibans were earlier reqd to bring down the infrastructure Today a lean geek can cause the similar damage with few strokes of zeros and ones.
- #6: CISOs have spent the past few years perfecting digging moats around the corporate castle. Now, as they lift their heads out of the trenches, they find themselves living in the age of bomber planes and guided missiles
- #7: A single worm can cause a chaos and cost lot of money
- #8: By bringing in blended threats reducing the exploit time and Use of new technology….targeted attacks, ….modular threat vectors.
- #9: Who ? Who ? ………….. Your consultant, or your vendor or your IT staff ……………….it is you yourself……….each one of you. The answer is your employees: Employees are the ones who use the information assets – they are the one who are the closest to these assets – they are the one who gets most affected by security incident -- hence the onus of protection falls on them first. They can be the human firewall -- your organization needs for protection against the numerous threats out in the open.
- #10: <number> It’s all about People, Process and Technology – Technology is the smallest part and the easiest to control!! Neither process nor technology will do any good if the people are not adequately trained. People need to be aware of what the current threats are, and what to do about them. They need to know what protection mechanisms are in place, be they a technical solution or a process.
- #11: Tell a man there are 300 billion stars in the universe and he'll believe you. Tell him a bench has wet paint on it and he'll have to touch to be sure. PEOPLE PROBLEM All technical people view computer security as a technology problem. They use sophisticated hardware and software solutions to control access and prevent fraud. The reality is that computer security is a people problem.
- #15: Human Firewall -- Most vulnerable – they are prone accidents and can make mistakes/errors and may even have malicious intents sometimes. Employees are greatest threats to information security. Caused by: Inexperience Improper training Incorrect assumptions Other circumstances HOW CAN WE CLOSE GAPS IN THIS HUMAN FIREWALL -- ?
- #17: Security awareness must be delivered through an ongoing, continuous program, as opposed to a finite set of activities. Despite significant investment in technology and infrastructure, Human factors represent the greatest challenge. in achieving information security readiness
- #20: <number>
- #21: Campaign Raising awareness is similar to commercial advertising or social marketing, such as the campaigns to reduce smoking or decrease the use of alcohol. Behavioral change is what we are aiming at.