Presentation is loading. Please wait.

Presentation is loading. Please wait.

Koen Maris – The Human Factor in Information technology – Copyright 2005 – The Human Factor in Information Technology.

Published byCandice Bareford Modified over 9 years ago

Similar presentations

Presentation on theme: "Koen Maris – The Human Factor in Information technology – Copyright 2005 – The Human Factor in Information Technology."— Presentation transcript:

1 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be The Human Factor in Information Technology

2 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Introduction 75% of security incidents caused by human error Technology oriented civilization General ignorance in all layers of the civilization

3 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Work environment Employees often clueless about security improvements. Incidents often caused by : –Configuration error –Misinterpretation –Intentionally action

4 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Design issue Techies needs vs business needs Business function vs security User-friendly vs security The strength of the design is often the downfall to it. Regular users do not think as those who designed it Design should identify human and societal need

5 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Technology Technology rapidly changes resulting in inability to manage Technology often ties us to our work and instead making it easier it gets worse Top notch technology is expensive and does not guarantee security. Implementers often external, could leave insecure traces, purposely or by error

6 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Social engineering Art of deception or persuasion –The exploits –Human based social engineering –Technology based social engineering

7 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Social engineering The Exploits Diffusion of responsibility Trust relationships Moral duty Guilt Desire to be helpful Cooperation

8 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Human based Social engineering Impersonation The VIP approach Shoulder surfing Dumpster diving Piggy backing Third party approach

9 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Technology Social engineering Popup windows Mail attachments Spam, Spim, chain emails, hoaxes Websites

10 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Convince top management –Top down approach –Prove security is business enabler not a cost enabler only. –According to Gartner the executive board has 3 mayor questions when confronted with security issues: Is our security policy enforced fairly and consistently? Would employees, contractors and partners know if a security violation occurred? Would the company know how to handle and react if they recognize a security violation?

11 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Assign and clarify roles/responsibilities –Separation of duties, do people have the authority –Careful with overlapping duties –Clear statements from management

12 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Define an action plan linked to a budget –Assessment of relative value of information assets –Use a risk assessment approach –Prioritize asset values to simplify budgetting –Involve all units

13 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Develop/update the policy framework –Policies evolve just as the law in real life –Written in language everyone can understand –Align with business goals, constraining or contradictory policies end up in the forgotten list

14 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Develop incident response program –Reduce damage –Recover quick and efficient –Keep a trace of the security event, learn from it

15 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Develop a security awareness program –Conduct a survey to find the weak and strong domains –Repetition is the key to success –Events happening in the world could be the initiator –It should not be limited to a one shot. Use any means possible such as quiz, posters, intranet, mails etc..

16 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Develop a security awareness program –Senior management –Mid management –Staff –Technical staff

17 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Target audience Develop a security awareness program –Senior management Focus on key elements, risk level, loss Numerical or statistical approach Examples of real life

18 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Target audience Develop a security awareness program –Mid management Granular approach on policies, procedures,… In charge of mapping it to different departments Use business examples

19 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Target audience Develop a security awareness program –Staff Repetition = key to success Split into job related groups Stress on the importance of his/her job and the security related issues involved

20 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Target audience Develop a security awareness program –Technical Staff Audit trails often see as work control Often integrate security after everything is running Convince them security protects also their work environment

21 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be Countermeasures Building a human firewall Measure your security awareness efforts –A quiz is an excellent tool to measure –Security event statistics can indicate weak spots –Evaluation forms to gain knowledge current issues and where to improve

22 Koen Maris – The Human Factor in Information technology – Copyright 2005 – kmar@skynet.be The Human Factor Q & A

Download ppt "Koen Maris – The Human Factor in Information technology – Copyright 2005 – The Human Factor in Information Technology."

Similar presentations

Ways to Improve the Hazard Management Process

Ways to Improve the Hazard Management Process
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
© Peter Readings 2007 1 Data Leakage Pete Readings CISSP.

© Peter Readings Data Leakage Pete Readings CISSP.
Instant Business Improvement “Managing Operational Performance”

Instant Business Improvement “Managing Operational Performance”
FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.

FACILITY SAFETY: Creating a Safe and Secure Environment in the Community Health Center Presented by Steve Wilder, BA, CHSP, STS Sorensen, Wilder & Associates.
Insider Threat Assessing & Managing ‘People’ Related Risks to Technology John Rostern, CRISC, QSA Northeast Managing Director September 14, 2011.

Insider Threat Assessing & Managing ‘People’ Related Risks to Technology John Rostern, CRISC, QSA Northeast Managing Director September 14, 2011.
Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
IT Security Requirements

IT Security Requirements
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.

© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Nursing management FUNCTION NURSING MANAGEMENT PROCESS

Nursing management FUNCTION NURSING MANAGEMENT PROCESS
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
Network security policy: best practices

Network security policy: best practices
Performance Evaluation

Performance Evaluation

Similar presentations

Ads by Google