Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information security incident investigation: The drivers, methods and outcomes Matthew Trump.

Published byCamron Tyler Gray Modified over 9 years ago

Similar presentations

Presentation on theme: "Information security incident investigation: The drivers, methods and outcomes Matthew Trump."— Presentation transcript:

1 Information security incident investigation: The drivers, methods and outcomes Matthew Trump

2 1 1 2 2 3 3 4 4 Overview IS picture Parallels with OHS Resilience Engineering

3 NB

4 Research Questions To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved. To produce model guidelines for security incident investigation.

5 Research Methods Review Information Security incident reports from both the public and private sector. – Freedom of Information Act / ISACA Survey investigation leaders – Based on HSE report Conduct interviews with investigators

6 So what?

7 Pragmatism An opportunity to “improve the rigour and relevance of IS research” Goles (2000) “The societal value of IS research lies within its possibilities to improve IS practices” Goldkuhl (2004) … this puts “the research question above such considerations as methodology or the underlying world view.”

8 HROsOHSIS Conceptual model

9 Academic literature review Very little

10 Academic literature review Very little

11 Comptia (2010) “IT professionals attribute slightly more of the blame for security breaches to human error or shortcomings than technology shortcomings (59% vs. 41%).” Additionally, the data suggests the human error factor is on the rise as a cause of security breaches. 8th Annual Global Information Security Trends

12 “Additionally, the data suggests the human error factor is on the rise as a cause of security breaches.”

13 The data was encrypted but the password was attached

14

15

16 “human error is an attribution.... not an objective fact that can be found by anybody with the right method.” Woods et al. (2010)

17 Parallels between OHS and IS Statement, policy, procedures Risk analysis OHSMS Plan -> Do -> Check -> Act Driven by Europe Maturity in waves - Borys et al (2009) Policies, procedures, guidelines Risk analysis ISMS Plan -> Do -> Check -> Act Driven by Europe Maturity in waves – von Solms (2000, 2006)

18 Parallels between OHS and IS Limitations of OHSMS Limits of safety culture Increasing complexity More rules Limitations of ISMS Limits of security culture Increasing complexity More rules

19 Limits of parallels between OHS and IS 200 years experience Social pressure Powerful regulator Serious sanctions Severe outcome 30? Years experience Do people care? ICO… Laughable sanctions Less severe outcome

20

21 Accident causation models Sequential view Latent pathogens Systemic view

22 Resilience Engineering “Resilience Engineering looks for ways to enhance the ability of organisations to create processes that are robust yet flexible, to monitor and revise risk models, and to use resources proactively in the face of disruptions or ongoing production and economic pressures.”

23 Erik Hollnagel (1983) Why "Human Error" is a meaningless concept

24 Organisational utility Defence against entanglement (simplicity) The illusion of control A means for distancing A marker for failed investigations Cook, R. I. & Nemeth, C. P. (2010)

25 Human error Old view – complex systems fine vs erratic behaviour of people – human errors cause accidents – failure comes as an unpleasant surprise Old response – more procedures – more technology – remove bad apples

26 Human error New view – Human error as symptom of deeper trouble – Not random: connected to tools, tasks and environment – Not and end point for investigations New response – Humans not perfect – Find out why their actions made sense to them

27 Moving beyond human error Human error is an just an attribution Pursue second stories Escape hindsight bias Understand work at the sharp end Search for systemic vulnerabilities Woods et al (2010)

28 Human error and hindsight bias Attribute error to nearest operator – Available Work backwards until human input is found Humans normally do a good job Quality of process judged by quality of outcome – “Should have been obvious”

29 Accountability and learning Take a systems perspective Move beyond blame Create a just culture

30 How to answer research questions ReportsSurvey Investigations

31 Research Questions To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved. To produce model guidelines for security incident investigation.

32 Research Questions To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved. To produce model guidelines for security incident investigation.

33 Research Questions To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved. To produce model guidelines for security incident investigation.

34 Research Questions To establish the primary reported cause of Information Security incidents and in particular to understand why human error is often utilised as the default explanation. To investigate parallels between contemporary research in Occupational Health and Safety and Information Security in order to see whether the standard of information security incident investigation can be improved. To produce model guidelines for security incident investigation.

35 How to answer research questions Expert evaluation Model guidelines

36 Your help ReportsSurvey Interviews Investigations Expert evaluation Model guidelines

Download ppt "Information security incident investigation: The drivers, methods and outcomes Matthew Trump."

Similar presentations

Safety Management Systems (SMS) An Introduction for Senior Management

Safety Management Systems (SMS) An Introduction for Senior Management
Protection of Sources of Safety- Related Information Doug Churchill EVP Professional IFATCA Protection of Sources of Safety- Related Information Doug Churchill.

Protection of Sources of Safety- Related Information Doug Churchill EVP Professional IFATCA Protection of Sources of Safety- Related Information Doug Churchill.
Accident and Incident Investigation

Accident and Incident Investigation
Www.dmp.wa.gov.au/ResourcesSafety Please read this before using presentation This presentation is based on content presented at the Mines Safety Roadshow.

Please read this before using presentation This presentation is based on content presented at the Mines Safety Roadshow.
Rob Kella - Chief Risk Officer

Rob Kella - Chief Risk Officer
Session No. 1 Basic Contemporary Safety Concepts

Session No. 1 Basic Contemporary Safety Concepts
Strategies and Structures for Research and Policy Networks: Presented to the Canadian Primary Health Care Research Network, 2012 Heather Creech, Director,

Strategies and Structures for Research and Policy Networks: Presented to the Canadian Primary Health Care Research Network, 2012 Heather Creech, Director,
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Human Performance and Patient Safety

Human Performance and Patient Safety
Aviation Safety, Security & the Environment: The Way Forward Vince Galotti Chief/Air Traffic Management ICAO Safety and Efficiency An ICAO Perspective.

Aviation Safety, Security & the Environment: The Way Forward Vince Galotti Chief/Air Traffic Management ICAO Safety and Efficiency An ICAO Perspective.
Redefining the Culture for Patient Safety communication collaboration education building THE FOUNDATIONS for patient SAFETY.

Redefining the Culture for Patient Safety communication collaboration education building THE FOUNDATIONS for patient SAFETY.
Accident/Incident Investigation

Accident/Incident Investigation
© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.

© Grant Thornton UK LLP. All rights reserved. Review of Sickness Absence Vale of Glamorgan Council Final Report- November 2009.
Introduction to effective Incident/Accident Analysis

Introduction to effective Incident/Accident Analysis
Learning Objectives  Recognize the need for an investigation  Investigate the scene of the accident  Interview victims & witnesses  Distinguish.

Learning Objectives  Recognize the need for an investigation  Investigate the scene of the accident  Interview victims & witnesses  Distinguish.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
The Australian/New Zealand Standard on Risk Management

The Australian/New Zealand Standard on Risk Management
Loughborough Design School Is It Raining Out There? An exploration of culture, climate and safety. Dr Mike Fray.

Loughborough Design School Is It Raining Out There? An exploration of culture, climate and safety. Dr Mike Fray.
Workplace Safety and Health Program

Workplace Safety and Health Program
What SMS means for an Operator’s relationship with the CAA

What SMS means for an Operator’s relationship with the CAA

Similar presentations

Ads by Google