Beyond Awareness

Beyond
Awareness

23 de febrero 2006 Infosecurity Iberia 2006 1

Awareness

22 de Marzo de Infosecurity Iberia 2006 2

Awareness

•Best Practices.
•Compliance with Policies.
•Risks.
•Teach to
•Know and Understand.


Awareness

•Teach
•Convince.
•Motivate.


Threats


Human Threats

•Fraud.
•Scams.
•Corruption.
•Blakmail.


Human Threats

•Tailgating.
•Uncontrolled visitors.
•Mail or phone information requests.
•Forgotten doc in Printers, Fax, etc.
•Trust in uniforms.


Amenazas Técnicas

•The user must reach were systems can’t
•Hoax, Spam, Virus, Phising, Spyware.
•Backup copies.
•Authentication Sharing.
•Undeleted discarded information.
•...but systems should help.


Errors


Errores

180


Errores

•A automatic signal for doors open was requested, but not
granted.
•The person who had to close the doors was sleeping.
•The official who had to check the doors couldn’t do it, they
were short of personnel and was busy doing something
else.
•The boat was designed for a different route, so the ramp
was too high. For this reason it was ballasted, and the
ballast wasn’t drained because they were short of time.
•As they were short of time, the captain started full throttel,
which caused the wave the sink the boat.

Errores

•Who was guilty for the sinking?
•NONE OF THE ABOVE.

•THE MANAGERS who put the crew in a position were
human error was possible and likely,.


Irrationality


Actitud

•Honesty.
•Loyalty.
•Professional attitude.
•Healthy skepticism.


Irracionalidad

•Lottery.
•Milgram and Asch experiments:
•Respect to Authority.
•Uncontested Obedience.
•Response to group pressure.
•Uniforms.
•Conformism.
•Kitty Genovese case.
•You are more likely to stick to your deciosions if you make
themMarzo de
22 de
public. Infosecurity Iberia 2006 16

Information


Inform

• “When I hear, I forget, when I see, I
remember, when I do, I learn” Confucius (551-479 BC)
•Positive messages are remembered better
than negative ones.
•Two frequent errors :
•Too much information.
•Information too technical.


Informa

•Communication Media.
•Posters.
•Mails.
•Meetings.
•Etc.


Tuition


Tuition

•Check the message reached the other end.
•Exams.
•Surveys.
•Results.


Motivation


Motivation - Rewards

•Unpleasant actions: They are better
performed without a reward or with a small
one.
•Pleasan actions: Motivation is lost if they
are rewarded.
•Rewards:
•Material ones.
•Acknowledgement for your peers.

Motivación - Pusnihment

•They are more effective the more likely they
are, not the more severe they are.
•Punishments:
•Material.
•Losing face.


Motivación - Persuasion

•It is far more likely someone will do
something if it is felt as his or her own will.
•It is more likely an action will be taken if
we believe in it.
•To persuade is more difficult than reward
or punish, but far for difficult.


Responsibility


Responsibility

•Understand responsibilities distribution.
•Assum your own responsibility.
•Stablish barriers for information gathering
and collusion.


Responsibility

•Transparency.
•Partitioning.
•Separation.
•Rotation.
•Supervision.


Measurement


Medición

•Information – Activity.
•Tuition – Surveys.
•Trust – (No se puede)
•Behaviour – Trials, practice.


Summary

•Inform.
•Teach.
•Motivate.

•Manage.
•TPSRSR.


THANKS


Beyond Awareness

Recomendados

Recomendados

Más contenido relacionado

Destacado

Destacado (8)

Más de Conferencias FIST

Más de Conferencias FIST (20)

Último

Último (20)

Beyond Awareness

Notas del editor