Security is a socio-technical issue

Cybersecurity: Security is a socio-technical issue

Slide 1
Improved security technology
• Computer security and security
engineering focuses on the technical
aspects of the cybersecurity problem


Slide 2
• By reducing vulnerabilities in code and
by adding more checks to code, many
security vulnerabilities can be avoided
and the number of incidents reduced
• However, this can significantly increase
costs and time required for development
and so delay delivery of the software

Slide 3
© John Wiley and Sons 2004


Slide 4
• “If you think technology can solve your
security problems, then you don't
understand the problems and you don't
understand the technology.”


Slide 5
© John Wiley and Sons 2004

• "Security is a chain; it's only as secure as the weakest link."

Slide 6
• Technology is necessary but cannot, on
its own, guarantee that systems will be
secure
• Cybersecurity is a socio-technical rather
than a technical problem

Slide 7
Why technology is not enough
• Technology reliability cannot be
guaranteed
• Insider attacks
• Technical security compromises made
for usability reasons

Slide 8
• Failure of organisational procedures or
poorly designed procedures
• Human carelessness
• Social engineering


Slide 9
Unreliable technology
• In the same way that it is practically
impossible to guarantee that a complex
system is free from bugs, it is also
impossible to guarantee that a system is
free from security vulnerabilities

Slide 10
• Even if a system A is 'secure', it may rely on other systems that are potentially insecure. If these are owned by different people, 'system wide' security validation is impossible


Slide 11
Insider attacks
• Insiders have legitimate credentials that allow them access to the system
– Therefore, strong access control technology is not a barrier


Slide 12
• Insiders in an organisation are aware of the
technical safeguards built into the system and
may know how to circumvent these –
especially if they have privileged system
access
• Insiders have local knowledge that may be
used for social engineering and so may be
able to discover privileged information.

Slide 13
Maroochy water breach

Image credit: www.discoverqueensland.com.au


Slide 14
Usability vs security
• There is always a trade-off to be made
between usability and security
• Security procedures slow down system
operation and may alienate users


Slide 15
Companies may make a deliberate decision to use weaker security procedures so that users don't decide to go elsewhere
• Login/password authentication instead of biometrics
• Unencrypted information, as encryption slows down the system

© http://www.activistpost.com/ 2012

Slide 16
Procedural failures
• Procedures that are intended to
maintain security may be badly
designed or implemented
• This may introduce vulnerabilities into
the system or may mean that users
have to circumvent procedures

Slide 17
Poor procedures
• Companies request strong passwords but do not provide any help to users on how to construct strong, easy-to-remember passwords such as "My_hamster.spot"
• Requirements for regular password change. Thought to improve security but actually means that users can't remember passwords so they write them down

Slide 18
Human carelessness
• People will inevitably be careless
– Leave systems unattended whilst they are logged on
– Use authentication in public places where they can be observed

© www.labnol.org 2009

Slide 19
There are some technical controls against carelessness, but it is impossible to completely control this vulnerability without incurring very high costs

Slide 20
Social engineering
• Many examples that show users are willing to provide confidential information to a plausible

© thehackernews.com 2011

Slide 21
• Attacker Alex calls system admin Bob pretending to be the manager of a company and asks for his password to be reset.
• He asks Bob to tell him the new password
• Bob wants to please his boss so does as he is asked.
• Alex then can gain access to the system (and lock out the legitimate manager)

Slide 22
Multiple points of failure
• These 'social' vulnerabilities may be exploited in connection with each other or with technical vulnerabilities to gain access to the system


Slide 23
• For example, a successful password attack may require social engineering to convince system administrators to reset a user's password


Slide 24
• A poor password change procedure, which does not include a check to ensure that the requestor is legitimate
– Require text confirmation of password change request or text password change details to the user's mobile
– Requests made by phone should require callback

Slide 25
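The reset procedure described on this slide, as an added example that is not part of the original deck: a hypothetical help-desk workflow in Python that enforces both controls (a callback to the number on record for phone requests, and the confirmation code and new password texted only to the registered mobile), replayed against the Alex/Bob story from the earlier slide. The directory, phone numbers, HelpDesk class and run_scenario function are all constructed for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample directory with placeholder numbers. The mobile number
# on record is the only channel the help desk uses for callbacks and for
# delivering reset details.
DIRECTORY = {
    "manager": "+44-7700-900111",
    "bob": "+44-7700-900222",
}


@dataclass
class ResetRequest:
    username: str
    channel: str                         # "phone" or "portal"
    caller_number: Optional[str] = None  # where a phone request came from
    callback_done: bool = False
    code: Optional[str] = None           # one-time code texted to the user
    completed: bool = False
    log: List[str] = field(default_factory=list)


class HelpDesk:
    """Hypothetical help-desk reset procedure with a requestor check:
    phone requests need a callback to the number on record, and the
    confirmation code and new password go only to the user's mobile."""

    def __init__(self, directory: Dict[str, str]):
        self.directory = directory
        self.sms_outbox: Dict[str, List[str]] = {}  # simulated SMS gateway

    def open_request(self, username, channel, caller_number=None):
        if username not in self.directory:
            raise ValueError("unknown user")
        req = ResetRequest(username, channel, caller_number)
        req.log.append(f"reset requested for {username!r} via {channel}")
        return req

    def callback(self, req):
        """Phone requests: hang up and dial the number on record, never the
        number the caller gave. Returns the number dialled."""
        if req.channel != "phone":
            raise ValueError("callback only applies to phone requests")
        on_record = self.directory[req.username]
        req.callback_done = True
        req.log.append(f"callback placed to number on record {on_record}")
        return on_record

    def send_confirmation(self, req):
        """Text a one-time code to the registered mobile, not to the caller."""
        if req.channel == "phone" and not req.callback_done:
            raise PermissionError("phone request must be called back first")
        req.code = secrets.token_hex(3)
        self._text(self.directory[req.username], f"Reset code: {req.code}")
        req.log.append("confirmation code texted to registered mobile")

    def complete(self, req, presented_code):
        """Finish the reset only if the presented code is the one texted.
        The temporary password is itself texted, never read out."""
        if req.code is None:
            raise PermissionError("no confirmation code issued")
        if not hmac.compare_digest(req.code, presented_code):
            req.log.append("reset refused: confirmation code does not match")
            return False
        temp_password = secrets.token_urlsafe(12)
        self._text(self.directory[req.username],
                   f"Temporary password: {temp_password}")
        req.completed = True
        req.log.append("temporary password texted to registered mobile")
        return True

    def _text(self, mobile, message):
        self.sms_outbox.setdefault(mobile, []).append(message)

    def messages_for(self, mobile):
        return list(self.sms_outbox.get(mobile, []))


def run_scenario(attacker_number=None):
    """Replay the slide's Alex/Bob story under this procedure.
    With attacker_number set, the caller is Alex claiming to be the manager
    from his own phone; otherwise the caller is the real manager.
    Returns (reset_completed, messages the caller actually received)."""
    desk = HelpDesk(DIRECTORY)
    caller = attacker_number or DIRECTORY["manager"]
    req = desk.open_request("manager", "phone", caller_number=caller)
    desk.callback(req)           # Bob dials the number on record, not the caller
    desk.send_confirmation(req)  # the code goes to the number on record too
    inbox = desk.messages_for(caller)
    if inbox:                    # the real manager can read the code back
        code = inbox[-1].split(": ", 1)[1]
    else:                        # Alex never received one and can only guess
        code = "guess"
    done = desk.complete(req, code)
    return done, desk.messages_for(caller)
```

With the caller's own number never used for delivery, Bob can be as helpful as he likes on the phone and still not hand anything to Alex; the legitimacy check lives in the procedure rather than in Bob's judgement.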
Summary
• Cybersecurity is a socio-technical
problem
• Technology reliability cannot be
guaranteed
• Insider attacks
• Technical security compromises made
for usability reasons


Slide 26
• Failure of organisational procedures or
poorly designed procedures
• Human carelessness
• Social engineering


Slide 27

 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Cybersecurity 4 security is sociotechnical issue

  • 1. Security is a socio-technical issue. Cybersecurity: Security is a socio-technical issue, Slide 1
  • 2. Improved security technology • Computer security and security engineering focus on the technical aspects of the cybersecurity problem
  • 3. • By reducing vulnerabilities in code and by adding more checks to code, many security vulnerabilities can be avoided and the number of incidents reduced • However, this can significantly increase the cost and time required for development and so delay delivery of the software
  • 4. © John Wiley and Sons 2004
  • 5. • “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
  • 6. © John Wiley and Sons 2004 • “Security is a chain; it's only as secure as the weakest link.”
  • 7. • Technology is necessary but cannot, on its own, guarantee that systems will be secure • Cybersecurity is a socio-technical rather than a technical problem
  • 8. Why technology is not enough • Technology reliability cannot be guaranteed • Insider attacks • Technical security compromises made for usability reasons
  • 9. • Failure of organisational procedures or poorly designed procedures • Human carelessness • Social engineering
  • 10. Unreliable technology • In the same way that it is practically impossible to guarantee that a complex system is free from bugs, it is also impossible to guarantee that a system is free from security vulnerabilities
  • 11. • Even if a system A is ‘secure’, it may rely on other systems that are potentially insecure. If these are owned by different people, ‘system-wide’ security validation is impossible
  • 12. Insider attacks • Insiders have legitimate credentials that allow them access to the system – Therefore, strong access control technology is not a barrier
  • 13. • Insiders in an organisation are aware of the technical safeguards built into the system and may know how to circumvent these – especially if they have privileged system access • Insiders have local knowledge that may be used for social engineering and so may be able to discover privileged information
  • 14. Maroochy water breach. Image credit: www.discoverqueensland.com.au
  • 15. Usability vs security • There is always a trade-off to be made between usability and security • Security procedures slow down system operation and may alienate users
  • 16. • Companies may make a deliberate decision to use weaker security procedures so that users don't decide to go elsewhere – Login/password authentication instead of biometrics – Unencrypted information, as encryption slows down the system. © http://www.activistpost.com/ 2012
  • 17. Procedural failures • Procedures that are intended to maintain security may be badly designed or implemented • This may introduce vulnerabilities into the system or may mean that users have to circumvent procedures
  • 18. Poor procedures • Companies request strong passwords but do not give users any help on how to construct strong, easy-to-remember passwords such as “My_hamster.spot” • Requirements for regular password change. Thought to improve security, but actually means that users can't remember passwords, so they write them down
  • 19. Human carelessness • People will inevitably be careless – Leave systems unattended whilst they are logged on – Use authentication in public places where they can be observed. © www.labnol.org 2009
  • 20. • Some technical controls against carelessness exist, but it is impossible to completely control this vulnerability without incurring very high costs
  • 21. Social engineering • Many examples show that users are willing to provide confidential information to a plausible. © thehackernews.com 2011
  • 22. • Attacker Alex calls system admin Bob pretending to be the manager of a company and asks for his password to be reset • He asks Bob to tell him the new password • Bob wants to please his boss, so does as he is asked • Alex can then gain access to the system (and lock out the legitimate manager)
  • 23. Multiple points of failure • These ‘social’ vulnerabilities may be exploited in connection with each other or with technical vulnerabilities to gain access to the system
  • 24. • For example, a successful password attack may require social engineering to convince system administrators to reset a user's password
  • 25. • A poor password change procedure is one which does not include a check to ensure that the requestor is legitimate – Require text confirmation of a password change request, or text the password change details to the user's mobile – Requests made by phone should require a callback
  • 26. Summary • Cybersecurity is a socio-technical problem • Technology reliability cannot be guaranteed • Insider attacks • Technical security compromises made for usability reasons
  • 27. • Failure of organisational procedures or poorly designed procedures • Human carelessness • Social engineering
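The reset-procedure controls of slide 25 (text confirmation, delivery only to the mobile on record, callback for phone requests) set beside the slide-22 failure, as an added example that is not part of the slide deck: the account directory and the "sent" messages are constructed in memory, so nothing is actually texted or dialled, and the function and field names are this example's own.

```python
from dataclasses import dataclass, field

# Constructed directory for the example: account -> mobile number on record.
DIRECTORY = {"manager": "+00-000-0001", "bob": "+00-000-0002"}


@dataclass
class ResetRequest:
    account: str
    channel: str               # "phone" or "web"
    caller_number: str = ""    # number the requestor says they are calling from
    callback_done: bool = False  # admin rang the number ON RECORD back and got the user
    confirmed: bool = False      # user replied to the confirmation text


@dataclass
class Outcome:
    allowed: bool
    reason: str
    messages: list = field(default_factory=list)  # (destination number, text) "sent"


def reset_without_checks(req: ResetRequest, new_password: str) -> Outcome:
    """Slide 22: the admin resets on request and reads the new password to the caller.
    The only thing verified is that someone asked."""
    return Outcome(True, "reset on request",
                   [(req.caller_number, f"New password: {new_password}")])


def reset_with_checks(req: ResetRequest, new_password: str) -> Outcome:
    """Slide 25: refuse until the requestor's legitimacy has been checked, and
    never hand the new credential to the channel the request came in on."""
    number = DIRECTORY.get(req.account)
    if number is None:
        return Outcome(False, "unknown account")
    if req.channel == "phone" and not req.callback_done:
        # Phone requests need a callback to the number on record, not the caller's.
        return Outcome(False, "callback to number on record required")
    if not req.confirmed:
        # Ask the registered mobile to confirm; the request stays pending until it does.
        return Outcome(False, "awaiting text confirmation",
                       [(number, f"Confirm password reset for {req.account}? Reply YES")])
    # Legitimacy checked: deliver the temporary password only to the registered mobile.
    return Outcome(True, "reset confirmed",
                   [(number, f"Temporary password: {new_password}")])
```

In the slide-22 scenario the weak flow texts the credential to the attacker's own number, while the checked flow stops at the callback step and, once confirmed, only ever messages the manager's registered mobile.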