Organisational Factors and Australian IT Professionals’ Views of Wireless Network Vulnerability Assessments Keir Dyce Centre for Research in Computer Security.

Presentation transcript:

Organisational Factors and Australian IT Professionals’ Views of Wireless Network Vulnerability Assessments Keir Dyce Centre for Research in Computer Security & Professor Mary Barrett School of Management and Marketing

Organisational culture: issues for computer security. Professional identity; sub-groups; external and internal influences on culture; attitudes to risk; attitudes to surveillance. All potentially have an impact on WLAN security.

Two approaches to wireless network vulnerability assessment: wireless monitoring (WM) and penetration testing (PT). There is no comprehensive framework for integrating the two approaches in an organisation’s security system.

The study: a mail-out survey to the Information Security Interest Group (ISIG), with closed-ended and open-ended questions; frequencies only. Topics covered: 1. the extent of use of WNVAs (either or both of wireless monitoring and penetration testing), 2. how IT professionals used WNVAs, and 3. their opinions about the two approaches.

Results. Modest response rate (62), but representative of ISIG (total ~400 members). 1. Use of VAs: only ten (16 percent) used WM; three (5 percent) used PT. ‘Unnecessary’, ‘lack know-how’. Organisational culture suggests: a ‘wired view’ of security; senior management discomfort with the idea of hacking; role of dominant culture and sub-cultures.

Results (continued). 2. How IT professionals use WNVAs: 10 users; but using either WM or PT or a combination of the two had revealed network vulnerabilities. Lack of a framework for combining the two; respondents said this could be helpful to increase know-how. ‘Planning’ thought to be helpful, but scarcely anyone does this. (Only 1 of the 10 users has researched a framework.)

Results (continued). 3. Possible reasons for IT professionals’ low use of WNVAs: decision-making style, especially bounded rationality in response to time constraints. Secrecy may be provoked by time needed to get support from people who don’t understand WNVA techniques, and who are suspicious of surveillance measures, and lack of perceived need. Could lead to ethical compromises by IT staff.

Conclusions. Organisational culture may help explain why IT professionals typically don’t use either kind of WNVA or even seem to know about them. ‘Within-culture’ solutions: change security measures and communicate. ‘Change culture’ solutions: reward new behaviour, use stories, use professional identity.