Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Insights: User Security. Users – the Achilles heel Users interaction Security technology protects: Machine <> Machine User > Machine Machine.

Published byKristin Morton Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Insights: User Security. Users – the Achilles heel Users interaction Security technology protects: Machine <> Machine User > Machine Machine."— Presentation transcript:

1 Security Insights: User Security

2 Users – the Achilles heel Users interaction Security technology protects: Machine <> Machine User > Machine Machine > user

3 Why are people so dangerous? Very vulnerable to mistakes and manipulation Not good at estimating risk Often too willing to extend trust Duped by pleas for help—it’s our natural desire to want to be helpful And can undermine all technical countermeasures Often the weakest part  should be accorded more scrutiny!

4 Policy: Determine its impact Security is inconvenient Recognize and respect security’s disruption Build “user impact” into design; invite discussion Avoid excessive complexity Use tools that are already tested and proven Controls costs; lessens chances of attack To prosecute or not? Decide in advance how far to go If yes: know what evidence to collect and train staff Make the punishment fit the crime Often reprimands are sufficient But what about the person who hacks the payroll?

5 Enforcement: Be visible Make security overt Badges even in small firms—has huge psychological effects and increases sensitivity Remind constantly Regular briefings and logon notices Include reminders of information value Emergency service Coordinate with physical security people Drill the troops Know where legitimate users are so you can more easily find attackers Perform drills to test procedures

6 Enforcement: Be visible Walk in your users’ shoes Use the same systems and software they do Operate with the same privileges they do Helps to spot areas where they might try to circumvent the security Keeps you from making disastrous mistakes

7 User education Security management campaign Periodic refreshers Newsletters Group meetings Screensavers Signatures on acceptable use policies Regular audits

8 Security awareness Know what has value What to do if you suddenly lost all access? Friends aren’t always friends Don’t allow trust to be exploited Over-the-phone friendships lack trust Passwords are personal And always undervalued Uniforms are cheap Mutually authenticate when your bank calls you!

9

10 Ongoing reminders Regular reminders to keep people aware One training session won’t last forever Police departments do this continually Be creative Don’t become yet another source of noise to be ignore Make the policy itself available easily Post on a web server Provide simple searching and navigation Keep it current!

11 Demo on the stand Free eval. from the stand Expert assistance on the stand Resources on-line www.microsoft.com/uk/security Resources

12 Security Insights – Coming Up 11:15Secure Messaging 11:45Identity Theft 12:15How Microsoft Secures IT 12:45User Security 13:15Secure Messaging 13:45Spyware 14:15Identity Theft 14:45How Microsoft Secures IT 15:15User Security 15:45Spyware

13 © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. www.microsoft.com/uk/security www.microsoft.com/uk/technet

Download ppt "Security Insights: User Security. Users – the Achilles heel Users interaction Security technology protects: Machine <> Machine User > Machine Machine."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Part I: Making Good Online Choices

Part I: Making Good Online Choices
Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.
Security Policies? Ugh, just give me a firewall! Steve Riley Enterprise Security Architect Security Business and Technology Unit

Security Policies? Ugh, just give me a firewall! Steve Riley Enterprise Security Architect Security Business and Technology Unit
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
INTERNET SAFETY FOR EVERYONE A QUICK AND EASY CRASH COURSE.

INTERNET SAFETY FOR EVERYONE A QUICK AND EASY CRASH COURSE.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.

Users Are Not The Enemy A. Adams and M. A. Sasse Presenter: Jonathan McCune Security Reading Group February 6, 2004.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 4 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
© 2008. Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.

© Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
INTERNET SAFETY FOR EVERYONE

INTERNET SAFETY FOR EVERYONE
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Similar presentations

Ads by Google