© EXPRESSWORKS
It’s not just about the Technology,
it’s also about the Psychology
Speakers:
Hend Ezzeddine, Ph.D
Cyber security Practice Director
Flora Moon
Sustainability Practice Director
Bsides Austin
March 2016
Agenda
Why does the psychology of security matter?
What are the pitfalls that hackers exploit?
How to apply behavioral change to reinforce cyber resilience?
Focusing on Results
• Accomplish the original (business) intent
• Achieve Return on Investment (ROI) goals
• Align behaviors and actions to business results
• Deliver value without destroying potential future value
• Develop the capacity to adapt more quickly to change
• Create higher expectations for future projects
• Strengthen the organization’s competitive position
Delivering Expertise
Our network of 120 change and learning consultants leverages years of experience on change projects.
• Avg. experience: 17 years
• Avg. Expressworks tenure: 8 years
• 52% with a Master’s or PhD degree
• 58% with “Big 5” experience
Creating Meaningful Sustainable
Change within Your Organization
Our collaborative approach allows us to
leverage our expertise with your keen
knowledge of your business and your people.
Aligning with Your Unique Culture
We’re not afraid to roll up our sleeves. We help you
get your arms around the actual work of change,
translating high-level strategy into concrete
outcomes that make sense in your organization.
Average over 200 Projects Each Year
Our consultants are working in Chevron, Shell, Phillips 66, Adobe and
USAA; and in Australia, the Philippines, Indonesia, Nigeria, Angola,
Thailand, the UK and the US.
1984 1990 Today
Founded in 1984
with a commitment to sustainable
change in diverse environments.
Guided by a Change Methodology
developed by Expressworks, following a multi-client
research project on successful implementation of change
About Expressworks
01 Change Implementation Expertise
02 Adaptive
03 Trusted Collaboration
04 Results
Who we are
• Hend Ezzeddine, Ph.D
Hend is the Cyber security Practice Director at Expressworks, a change management consultancy. She has over 10 years of experience helping clients implement and adopt cutting-edge IT solutions.
Her focus is on designing organizational capabilities that enable a complete business transformation and maximize the ROI of major IT programs. In the cybersecurity space, Hend's work is primarily focused on the human element and leverages cognitive behaviors to reduce user errors and establish safer behaviors.
She holds a Ph.D in Organizational Design and Innovation Management. Hend is the author of a number of scholarly articles and blogs on various topics.
• Flora Moon
Flora Moon has been engaged in designing user experience for her entire multi-decade career.
As a filmmaker she engaged audiences with award-winning content. In high technology she was part of the start-up team that brought high-speed internet service to Houston.
As a management consultant she has been responsible for user experience and insights for web technologies and ERP systems.
Currently a Senior Manager for Expressworks, a change management consultancy that helps clients navigate systemic and culture change, Flora has led change management strategy and execution for enterprise programs since 2008.
Why does the psychology of
security matter?
Human vs. Technology: Who wins?
Technology
Training and
communication
Users
Human error was behind the Target data breach and the user wasn’t even a Target employee
Target suffered 440 million dollars in revenue losses as a result of lowered consumer confidence from the hack.
Who is your user?
Your tech savvy user who is excellent at taking shortcuts
Your not so tech savvy user who is doing his best, yet…
Let’s look at the facts
• Source of cyber security incidents: 66%, former and current employees
• Nature of security incidents: 84%, non-technical
• Could anything have been done? 90%, data breaches are preventable
What are the pitfalls that hackers
exploit regularly?
Hackers play on humans’ emotions and exploit their psychological and cognitive pitfalls
“If they follow a script, for instance, I know they’re a low-level employee or recently hired. And they’re the types of employees we can exploit.”
Former Hacker
Deception is more of a science than an art…
Cognitive science
Psychology
Behavioral Economics
What hackers try to exploit…
BEHAVIORAL ECONOMICS:
• Most people are less afraid of a risk they choose to take vs. a risk that has been imposed on them
• Most people are willing to take a risk if they believe that it also provides them with some sort of benefits (framing effect)
A penetration test targeted the finance directors of 500 publicly-quoted companies. They were sent a USB memory stick as part of an anonymous invitation saying ‘For Your Chance to Attend the Party of a Lifetime’; 46% of them put it into their computers
What hackers try to exploit…
PSYCHOLOGY:
• Most average users really want to be helpful and the illusion of a reason is as effective as a valid reason
• Most users respond obediently to authority, hence the effectiveness of “CEO fraud” type of attacks
According to the US Federal Bureau of Investigation, CEO Fraud has cost businesses around the globe more than $2bn in little over two years.
What hackers try to exploit…
COGNITIVE SCIENCE:
• Frequent changes to a memorized item interfere with remembering the new version of the item
• When required to change their passwords, users tended to create passwords that followed predictable patterns, called “transformations”
An attacker who knows the previous password and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account.
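A defender's view of the transformation finding above, as an added example that is not part of the original slides: a check run at password-change time, when the user supplies both the old and the new password, that refuses a new password derived from the old one by a simple transformation. The rule set, the substitution table, the thresholds and the sample passwords are all constructed for illustration.

```python
import re

# Look-alike substitutions folded to one canonical letter (constructed table).
_FOLD = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                       "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def _core(pw):
    """Base word: drop leading/trailing digits and symbols, lowercase, fold look-alikes."""
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)
    return stripped.lower().translate(_FOLD)


def _edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def transformation_of(old, new, max_edits=2, min_len=4):
    """Return the name of the transformation linking old to new, or None.

    Intended for the change-password handler, where both plaintexts are
    present in the same request; nothing here needs stored plaintext.
    """
    lo, ln = old.lower(), new.lower()
    if old == new:
        return "identical"
    if lo == ln:
        return "case-only"
    co, cn = _core(old), _core(new)
    # Same base word with different digits, symbols or look-alike characters.
    if len(co) >= min_len and co == cn:
        return "same-core"
    # Old password kept whole with characters added, or trimmed down.
    shorter, longer = sorted((lo, ln), key=len)
    if len(shorter) >= min_len and shorter in longer:
        return "affix"
    # A couple of characters changed anywhere in the string.
    if _edit_distance(lo, ln) <= max_edits:
        return "small-edit"
    return None


if __name__ == "__main__":
    # Constructed sample pairs (old password, proposed new password).
    samples = [
        ("Summer2015!", "Summer2016!"),
        ("P@ssw0rd1", "Password2"),
        ("tiger", "Tiger"),
        ("hunter22", "hunter22abc"),
        ("12345678", "12345679"),
        ("blue-kettle-47", "orbit-maple-93"),
    ]
    for old, new in samples:
        reason = transformation_of(old, new)
        verdict = "reject (" + reason + ")" if reason else "accept"
        print(old, "->", new, ":", verdict)
```

A check like this only compares against the password supplied in the same request; comparing against older passwords would require keeping them in recoverable form, which is its own risk.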
What does it mean to think like a Hacker?
Psychology of security
Cognitive Patterns
Actions/Behaviors
How to apply Behavioral Change
to reinforce cyber resilience?
Cyber resilience is often a balancing act
Security behaviors
Human errors
The most successful results are exhibited when we take a system approach where the “human in the loop” is at the heart of the cyber security initiative
How to design a cyber resilience framework
around behavioral change?
Leadership commitment
• How to get the board and the C-suite to demonstrate commitment?
• How can you guide them to support you?
Organizational structure
• What’s the best organizational structure for your initiative?
• How to empower employees to make the right decisions at the right time and level?
Operating model
• Do you have a clear cross-functional cooperation model?
• Do you have clear cyber security activities?
Culture
• Why is culture key to your success?
• How to develop a strong cyber security culture?
Talent management
• What are your needs in terms of skills and resources?
• How to train and retain the right talent for cyber security?
This material is protected by copyright. No further reproduction or distribution is allowed without explicit permission from Expressworks.
How to leverage behavioral science to reduce human error and reinforce safe behaviors?
Design to reduce human errors
Maintain compliance by reinforcing the right behavior
Train users to recognize cyber threats
Perceptual learning: Consider training specific visual skills to develop users’ ability to recognize cyber threats and extract meaningful patterns instantaneously.
Human Performance Engineering: Consider which type of security warnings will be most effective in triggering the right behaviors. For example, active warnings will require the user to deliberately decide whether to access a web site or download an attachment.
Choice architecture: Consider minimizing decision-making when users are trying to focus on their day-to-day tasks by defaulting external emails to be filed as spam.
Social proof: Consider communicating the % of people who are compliant to motivate users to comply.
Once people adopt the right behaviors, complying with cyber security will become second nature
I have diversified work assignments and access to the right training.
I understand our cybersecurity solution and how to measure its effectiveness.
I own cybersecurity for myself and my organization
I feel empowered to make the right decisions and can access the C-suite/board as needed
Contact Information
Visit our website: http://www.expressworks.com/
Email us
hendezzeddine@expressworks.com
floramoon@expressworks.com

Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfASGITConsulting
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterJamesConcepcion7
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers referencessuser2c065e
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreNZSG
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressorselgieurope
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 

Último (20)

Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryEffective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdf
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Excvation Safety for safety officers reference
Excvation Safety for safety officers referenceExcvation Safety for safety officers reference
Excvation Safety for safety officers reference
 
business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
Jewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource CentreJewish Resources in the Family Resource Centre
Jewish Resources in the Family Resource Centre
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressors
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 

Austin Bsides March 2016 Cyber Presentation

  • 1. © EXPRESSWORKS It’s not just about the Technology, it’s also about the Psychology Speakers: Hend Ezzeddine, Ph.D Cyber security Practice Director Flora Moon Sustainability Practice Director Bsides Austin March 2016
  • 2. © EXPRESSWORKS Agenda Why does the psychology of security matter? What are the pitfalls that hackers exploit? How to apply behavioral change to reinforce cyber resilience?
  • 3. Focusing on Results: • Accomplish the original (business) intent • Achieve Return on Investment (ROI) goals • Align behaviors and actions to business results • Deliver value without destroying potential future value • Develop the capacity to adapt more quickly to change • Create higher expectations for future projects • Strengthen the organization’s competitive position. Delivering Expertise: Our network of 120 change and learning consultants leverage their years of experience on change projects. • Avg. experience: 17 years • Avg. Expressworks tenure: 8 years • 52% with a Master’s or PhD degree • 58% with “Big 5” experience. Creating Meaningful Sustainable Change within Your Organization: Our collaborative approach allows us to leverage our expertise with your keen knowledge of your business and your people. Aligning with Your Unique Culture: We’re not afraid to roll up our sleeves. We help you get your arms around the actual work of change, translating high-level strategy into concrete outcomes that make sense in your organization. Average over 200 Projects Each Year: Our consultants are working in Chevron, Shell, Phillips 66, Adobe and USAA; and in Australia, the Philippines, Indonesia, Nigeria, Angola, Thailand, the UK and the US. Timeline (1984, 1990, Today): Founded in 1984 with a commitment to sustainable change in diverse environments. Guided by a Change Methodology developed by Expressworks, following a multi-client research project on successful implementation of change. 01 Change Implementation Expertise; 02 Adaptive; 03 Trusted Collaboration; 04 Results. About Expressworks
  • 4. © EXPRESSWORKS Who we are • Hend Ezzeddine, Ph.D: Hend is the Cyber security Practice Director at Expressworks, a change management consultancy. She has over 10 years of experience helping clients implement and adopt cutting-edge IT solutions. Her focus is on designing organizational capabilities that enable a complete business transformation and maximize the ROI of major IT programs. In the cybersecurity space, Hend's work is primarily focused on the human element and leverages cognitive behaviors to reduce user errors and establish safer behaviors. She holds a Ph.D in Organizational Design and Innovation Management. Hend is the author of a number of scholarly articles and blogs on various topics. • Flora Moon: Flora Moon has been engaged in designing user experience for her entire multi-decade career. As a filmmaker she engaged audiences with award-winning content. In high technology she was part of the start-up team that brought high-speed internet service to Houston. As a management consultant she has been responsible for user experience and insights for web technologies and ERP systems. Currently a Senior Manager for Expressworks, a change management consultancy that helps clients navigate systemic and culture change, Flora has led change management strategy and execution for enterprise programs since 2008.
  • 5. © EXPRESSWORKS Why does the psychology of security matter?
  • 6. © EXPRESSWORKS Human vs. Technology: Who wins? Technology Training and communication Users
  • 7. © EXPRESSWORKS Human error was behind the Target data breach and the user wasn’t even a Target employee Target suffered 440 million dollars in revenue losses as a result of lowered consumer confidence from the hack.
  • 8. © EXPRESSWORKS Who is your user? Your tech savvy user who is excellent at taking shortcuts Your not so tech savvy user who is doing his best, yet…
  • 9. © EXPRESSWORKS Let’s look at the facts. Source of cyber security incidents: 66% former and current employees. Nature of security incidents: 84% non-technical. Could anything have been done? 90%: data breaches are preventable.
  • 10. © EXPRESSWORKS What are the pitfalls that hackers exploit regularly?
  • 11. © EXPRESSWORKS Hackers play on humans’ emotions and exploit their psychological and cognitive pitfalls. “If they follow a script, for instance, I know they’re a low-level employee or recently hired. And they’re the types of employees we can exploit.” (Former Hacker)
  • 12. © EXPRESSWORKS Deception is more of a science than an art… Cognitive science Psychology Behavioral Economics
  • 13. © EXPRESSWORKS What hackers try to exploit… BEHAVIORAL ECONOMICS: • Most people are less afraid of a risk they choose to take vs. a risk that has been imposed on them • Most people are willing to take a risk if they believe that it also provides them with some sort of benefits (framing effect) A penetration test targeted the finance directors of 500 publicly-quoted companies. They were sent a USB memory stick as part of an anonymous invitation saying ‘For Your Chance to Attend the Party of a Lifetime’; 46% of them put it into their computers
  • 14. © EXPRESSWORKS What hackers try to exploit… PSYCHOLOGY: • Most average users really want to be helpful and the illusion of a reason is as effective as a valid reason • Most users respond obediently to authority, hence the effectiveness of “CEO fraud” type of attacks According to the US Federal Bureau of Investigation, CEO Fraud has cost businesses around the globe more than $2bn in little over two years.
  • 15. © EXPRESSWORKS What hackers try to exploit… COGNITIVE SCIENCE: • Frequent changes to a memorized item interfere with remembering the new version of the item • When required to change their passwords, users tended to create passwords that followed predictable patterns, called “transformations” An attacker who knows the previous password and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account.
  • 16. © EXPRESSWORKS What does it mean to think like a Hacker? Psychology of security Cognitive Patterns Actions/ Behaviors
  • 17. © EXPRESSWORKS How to apply Behavioral Change to reinforce cyber resilience?
  • 18. © EXPRESSWORKS Cyber resilience is often a balancing act Security behaviors Human errors The most successful results are exhibited when we take a system approach where the “human in the loop” is at the heart of the cyber security initiative
  • 19. © EXPRESSWORKS How to design a cyber resilience framework around behavioral change? Leadership commitment: How to get the board and the C-suite to demonstrate commitment? How can you guide them to support you? Organizational structure: What’s the best organizational structure for your initiative? How to empower employees to make the right decisions at the right time and level? Operating model: Do you have a clear cross-functional cooperation model? Do you have clear cyber security activities? Culture: Why is culture key to your success? How to develop a strong cyber security culture? Talent management: What are your needs in terms of skills and resources? How to train and retain the right talent for cyber security? This material is protected by copyright. No further reproduction or distribution is allowed without explicit permission from Expressworks.
  • 20. © EXPRESSWORKS How to leverage behavioral science to reduce human error and reinforce safe behaviors? Design to reduce human errors. Maintain compliance by reinforcing the right behavior. Train users to recognize cyber threats. Perceptual learning: Consider training specific visual skills to develop users’ ability to recognize cyber threats and extract meaningful patterns instantaneously. Human Performance Engineering: Consider which type of security warnings will be most effective in triggering the right behaviors. For example, active warnings will require the user to deliberately decide whether to access a web site or download an attachment. Choice architecture: Consider minimizing decision-making when users are trying to focus on their day-to-day tasks by defaulting external emails to be filed as spam. Social proof: Consider communicating the % of people who are compliant to motivate users to comply.
  • 21. © EXPRESSWORKS Once people adopt the right behaviors, complying with cyber security will become second nature. I have diversified work assignments and access to the right training. I understand our cybersecurity solution and how to measure its effectiveness. I own cybersecurity for myself and my organization. I feel empowered to make the right decisions and can access the C-suite/board as needed.
  • 22. © EXPRESSWORKS Contact Information Visit our website: http://www.expressworks.com/ Email us hendezzeddine@expressworks.com floramoon@expressworks.com
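
Slide 15 notes that forced password changes produce predictable "transformations" of the previous password. The check below is an added example, not part of the original deck: it runs at password-change time, when the user has just typed both the current and the new password, and rejects a new password that is only a small transformation of the old one. The substitution table, thresholds and function names are assumptions chosen for illustration.

```python
import re
from typing import Optional

# Assumed set of common look-alike substitutions; extend to suit local policy.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def skeleton(password: str) -> str:
    """Memorable core: lowercase, drop leading/trailing digits and symbols,
    then undo look-alike substitutions inside what remains."""
    lowered = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return (core or lowered).translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def check_password_change(old: str, new: str, max_edits: int = 2) -> Optional[str]:
    """Return the reason the new password is rejected, or None if it is
    not a simple transformation of the old one."""
    if old == new:
        return "identical to current password"
    if old.lower() == new.lower():
        return "case change only"
    old_core, new_core = skeleton(old), skeleton(new)
    if old_core == new_core:
        return "same core with different digits, symbols or substitutions"
    shorter, longer = sorted((old_core, new_core), key=len)
    if len(shorter) >= 4 and shorter in longer:
        return "old core reused inside new password"
    if edit_distance(old, new) <= max_edits:
        return f"within {max_edits} character edits of current password"
    return None

if __name__ == "__main__":
    # Constructed sample pairs (old, new); none are real credentials.
    samples = [("Summer2015!", "Summer2016!"), ("P@ssw0rd1", "Password2"),
               ("tarheels#1", "Tarheels#1"), ("hunter", "Xhunter99"),
               ("correct-horse-battery", "violet-lamp-orbit-47")]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {check_password_change(old, new) or 'accepted'}")
```

Because the comparison needs the old password in plaintext, it can only run inside the change-password request itself; it does not require storing anything beyond the usual salted hash.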