Security is a socio-technical issue

Cybersecurity: Security is a socio-technical issue

Slide 1
Improved security technology
• Computer security and security engineering focus on the technical aspects of the cybersecurity problem

Slide 2
• By reducing vulnerabilities in code and by adding more checks to code, many security vulnerabilities can be avoided and the number of incidents reduced
• However, this can significantly increase costs and time required for development and so delay delivery of the software

Slide 3
© John Wiley and Sons 2004

Slide 4
• “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”

Slide 5
© John Wiley and Sons 2004

• "Security is a chain; it's only as secure as the weakest link."

Slide 6
• Technology is necessary but cannot, on its own, guarantee that systems will be secure
• Cybersecurity is a socio-technical rather than a technical problem

Slide 7
Why technology is not enough
• Technology reliability cannot be guaranteed
• Insider attacks
• Technical security compromises made for usability reasons

Slide 8
• Failure of organisational procedures or poorly designed procedures
• Human carelessness
• Social engineering

Slide 9
Unreliable technology
• In the same way that it is practically impossible to guarantee that a complex system is free from bugs, it is also impossible to guarantee that a system is free from security vulnerabilities

Slide 10
• Even if a system A is 'secure', it may rely on other systems that are potentially insecure. If these are owned by different people, 'system wide' security validation is impossible

Slide 11
Insider attacks
• Insiders have legitimate credentials that allow them access to the system
– Therefore, strong access control technology is not a barrier

Slide 12
• Insiders in an organisation are aware of the technical safeguards built into the system and may know how to circumvent these – especially if they have privileged system access
• Insiders have local knowledge that may be used for social engineering and so may be able to discover privileged information.

Slide 13
Maroochy water breach

Image credit: www.discoverqueensland.com.au

Slide 14
Usability vs security
• There is always a trade-off to be made between usability and security
• Security procedures slow down system operation and may alienate users

Slide 15
Companies may make a deliberate decision to use weaker security procedures so that users don't decide to go elsewhere
• Login/password authentication instead of biometrics
• Unencrypted information as encryption slows down the system

© http://www.activistpost.com/ 2012
Slide 16
Procedural failures
• Procedures that are intended to maintain security may be badly designed or implemented
• This may introduce vulnerabilities into the system or may mean that users have to circumvent procedures

Slide 17
Poor procedures
• Companies request strong passwords but do not give users any help with constructing strong, easy-to-remember passwords such as “My_hamster.spot”
• Requirements for regular password change. Thought to improve security but actually means that users can't remember passwords so they write them down

Slide 18
Human carelessness
• People will inevitably be careless
– Leave systems unattended whilst they are logged on
– Use authentication in public places where they can be observed

© www.labnol.org 2009
Slide 19
Some technical controls against carelessness but impossible to completely control this vulnerability without incurring very high costs

Slide 20
Social engineering

© thehackernews.com 2011

• Many examples that show users are willing to provide confidential information to a plausible
Slide 21
• Attacker Alex calls system admin Bob pretending to be the manager of a company and asks for his password to be reset.
• He asks Bob to tell him the new password
• Bob wants to please his boss so does as he is asked.
• Alex then can gain access to the system (and lock out the legitimate manager)

Slide 22
Multiple points of failure
• These 'social' vulnerabilities may be exploited in connection with each other or with technical vulnerabilities to gain access to the system

Slide 23
• For example, a successful password attack may require social engineering to convince system administrators to reset a user's password

Slide 24
• A poor password change procedure, which does not include a check to ensure that the requestor is legitimate
– Require text confirmation of password change request or text password change details to user's mobile
– Requests made by phone should require callback
Slide 25
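The callback and text-confirmation checks from the password-reset slides, sketched as an added example that is not part of the original deck: `ResetDesk`, `send_sms`, the phone numbers and the timeout are all hypothetical. It goes slightly beyond the slides by expiring the confirmation code and voiding the request on a wrong code.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600        # assumption: a confirmation code is valid for 10 minutes
MANAGER_MOBILE = "+15550100"  # constructed sample number, enrolled in advance
CALLER_NUMBER = "+15550199"   # constructed: the number the caller asks to be rung on


@dataclass
class Account:
    username: str
    mobile_on_file: str       # never taken from the person asking for the reset
    password_record: bytes = b""


@dataclass
class ResetRequest:
    username: str
    state: str                # awaiting_callback -> awaiting_code -> done, or rejected
    code_digest: bytes = b""
    expires_at: float = 0.0


class ResetDesk:
    """Hypothetical helpdesk workflow; send_sms stands in for a real SMS gateway."""

    def __init__(self, accounts, send_sms, clock=time.time):
        self.accounts = {a.username: a for a in accounts}
        self.send_sms = send_sms
        self.clock = clock
        self.requests = {}

    def open_request(self, username, channel):
        """Log a request. A phone request sends nothing until the callback is done."""
        account = self.accounts[username]
        req_id = secrets.token_hex(8)
        req = self.requests[req_id] = ResetRequest(username, "awaiting_callback")
        if channel != "phone":
            self._send_code(req, account)
        return req_id

    def record_callback(self, req_id, dialled_number, owner_confirmed):
        """The admin hangs up and rings back; only the number on file counts."""
        req = self.requests[req_id]
        account = self.accounts[req.username]
        if req.state != "awaiting_callback":
            return False
        if dialled_number != account.mobile_on_file or not owner_confirmed:
            req.state = "rejected"
            return False
        self._send_code(req, account)
        return True

    def _send_code(self, req, account):
        code = f"{secrets.randbelow(10**6):06d}"
        req.code_digest = hashlib.sha256(code.encode()).digest()
        req.expires_at = self.clock() + CODE_TTL_SECONDS
        req.state = "awaiting_code"
        text = f"Password reset requested for {req.username}. Confirmation code: {code}"
        self.send_sms(account.mobile_on_file, text)

    def confirm(self, req_id, code):
        """Return only True/False, so the admin has no new password to read out."""
        req = self.requests[req_id]
        if req.state != "awaiting_code":
            return False
        digest = hashlib.sha256(code.encode()).digest()
        if self.clock() > req.expires_at or not hmac.compare_digest(digest, req.code_digest):
            req.state = "rejected"   # assumption: an expired or wrong code voids the request
            return False
        account = self.accounts[req.username]
        temp_password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        account.password_record = salt + hashlib.pbkdf2_hmac(
            "sha256", temp_password.encode(), salt, 200_000)
        self.send_sms(account.mobile_on_file, f"Temporary password: {temp_password}")
        req.state = "done"
        return True


def run_phone_scenario(callback_number):
    """Constructed demo: someone phones the desk asking to reset the 'manager' account."""
    outbox = []
    desk = ResetDesk([Account("manager", MANAGER_MOBILE)],
                     lambda number, text: outbox.append((number, text)))
    req_id = desk.open_request("manager", "phone")
    desk.record_callback(req_id, callback_number, owner_confirmed=True)
    # Only whoever holds the enrolled phone can read the code; a caller without it guesses.
    code = outbox[-1][1].rsplit(" ", 1)[1] if outbox else "000000"
    confirmed = desk.confirm(req_id, code)
    return confirmed, desk.requests[req_id].state, outbox


if __name__ == "__main__":
    print(run_phone_scenario(CALLER_NUMBER)[:2])    # callback to a number the caller supplied
    print(run_phone_scenario(MANAGER_MOBILE)[:2])   # callback to the number on file
```

Because `confirm` returns only a boolean and both texts go to the enrolled mobile, the administrator taking the call never holds a password that could be read out to the caller.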

Summary
• Cybersecurity is a socio-technical problem
• Technology reliability cannot be guaranteed
• Insider attacks
• Technical security compromises made for usability reasons

Slide 26
• Failure of organisational procedures or poorly designed procedures
• Human carelessness
• Social engineering

Slide 27

 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Cybersecurity 4 security is sociotechnical issue

  • 1. Security is a socio-technical issue
  • 2. Improved security technology
      • Computer security and security engineering focus on the technical aspects of the cybersecurity problem
  • 3.
      • By reducing vulnerabilities in code and by adding more checks to code, many security vulnerabilities can be avoided and the number of incidents reduced
      • However, this can significantly increase costs and time required for development and so delay delivery of the software
  • 4. © John Wiley and Sons 2004
  • 5.
      • “If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.”
  • 6. © John Wiley and Sons 2004
      • "Security is a chain; it's only as secure as the weakest link."
  • 7.
      • Technology is necessary but cannot, on its own, guarantee that systems will be secure
      • Cybersecurity is a socio-technical rather than a technical problem
  • 8. Why technology is not enough
      • Technology reliability cannot be guaranteed
      • Insider attacks
      • Technical security compromises made for usability reasons
  • 9.
      • Failure of organisational procedures or poorly designed procedures
      • Human carelessness
      • Social engineering
  • 10. Unreliable technology
      • In the same way that it is practically impossible to guarantee that a complex system is free from bugs, it is also impossible to guarantee that a system is free from security vulnerabilities
  • 11.
      • Even if a system A is 'secure', it may rely on other systems that are potentially insecure. If these are owned by different people, 'system wide' security validation is impossible
  • 12. Insider attacks
      • Insiders have legitimate credentials that allow them access to the system
          – Therefore, strong access control technology is not a barrier
  • 13.
      • Insiders in an organisation are aware of the technical safeguards built into the system and may know how to circumvent these, especially if they have privileged system access
      • Insiders have local knowledge that may be used for social engineering and so may be able to discover privileged information.
  • 14. Maroochy water breach (Image credit: www.discoverqueensland.com.au)
  • 15. Usability vs security
      • There is always a trade-off to be made between usability and security
      • Security procedures slow down system operation and may alienate users
  • 16. Companies may make a deliberate decision to use weaker security procedures so that users don't decide to go elsewhere (© http://www.activistpost.com/ 2012)
      • Login/password authentication instead of biometrics
      • Unencrypted information as encryption slows down the system
  • 17. Procedural failures
      • Procedures that are intended to maintain security may be badly designed or implemented
      • This may introduce vulnerabilities into the system or may mean that users have to circumvent procedures
  • 18. Poor procedures
      • Companies request strong passwords but do not give users any help on how to construct strong, easy-to-remember passwords such as “My_hamster.spot”
      • Requirements for regular password change. Thought to improve security but actually means that users can't remember passwords so they write them down
  • 19. Human carelessness (© www.labnol.org 2009)
      • People will inevitably be careless
          – Leave systems unattended whilst they are logged on
          – Use authentication in public places where they can be observed
  • 20. Some technical controls against carelessness exist, but it is impossible to completely control this vulnerability without incurring very high costs
  • 21. Social engineering (© thehackernews.com 2011)
      • Many examples that show users are willing to provide confidential information to a plausible
  • 22.
      • Attacker Alex calls system admin Bob pretending to be the manager of a company and asks for his password to be reset.
      • He asks Bob to tell him the new password
      • Bob wants to please his boss so does as he is asked.
      • Alex then can gain access to the system (and lock out the legitimate manager)
  • 23. Multiple points of failure
      • These 'social' vulnerabilities may be exploited in connection with each other or with technical vulnerabilities to gain access to the system
  • 24.
      • For example, a successful password attack may require social engineering to convince system administrators to reset a user's password
  • 25.
      • A poor password change procedure, which does not include a check to ensure that the requestor is legitimate
          – Require text confirmation of password change request or text password change details to the user's mobile
          – Requests made by phone should require callback
  • 26. Summary
      • Cybersecurity is a socio-technical problem
      • Technology reliability cannot be guaranteed
      • Insider attacks
      • Technical security compromises made for usability reasons
  • 27.
      • Failure of organisational procedures or poorly designed procedures
      • Human carelessness
      • Social engineering
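
The checks listed on slide 25 (text confirmation to the user's mobile, callback for phone requests), applied to the reset request from slide 22, as an added example that is not part of the original slides. The `ResetDesk` class, the directory entries and the phone numbers are constructed for illustration, and the `outbox` list stands in for an SMS gateway.

```python
import hashlib
import hmac
import secrets

# Constructed directory: contact details registered before any reset request.
DIRECTORY = {"manager": {"mobile": "+00-555-0100", "desk_phone": "+00-555-0199"}}

class ResetDesk:
    """Help-desk reset flow where the requester never chooses the delivery channel."""

    def __init__(self, directory):
        self.directory = directory
        self.pending = {}   # account -> (sha256 of confirmation code, callback_done)
        self.outbox = []    # (registered mobile, message): stands in for an SMS gateway

    def request(self, account, channel):
        """Open a reset; the confirmation code goes only to the mobile on file."""
        code = secrets.token_hex(4)
        digest = hashlib.sha256(code.encode()).hexdigest()
        # Phone requests stay blocked until the desk has called the number on file.
        self.pending[account] = (digest, channel != "phone")
        self.outbox.append((self.directory[account]["mobile"], f"Reset code: {code}"))

    def record_callback(self, account, number_dialled):
        """The admin rings back; only the registered desk phone counts."""
        digest, _ = self.pending[account]
        ok = number_dialled == self.directory[account]["desk_phone"]
        self.pending[account] = (digest, ok)
        return ok

    def complete(self, account, code):
        """Finish the reset; the new password is texted to the user, never spoken."""
        digest, callback_done = self.pending.get(account, ("", False))
        supplied = hashlib.sha256(code.encode()).hexdigest()
        if not (callback_done and hmac.compare_digest(digest, supplied)):
            return False
        del self.pending[account]
        new_password = secrets.token_urlsafe(12)
        self.outbox.append((self.directory[account]["mobile"], f"New password: {new_password}"))
        return True

def alex_scenario():
    """Replay slide 22: a caller claims to be the manager and asks for the new password."""
    desk = ResetDesk(DIRECTORY)
    desk.request("manager", channel="phone")
    # The caller offers a number that is not on file and has no confirmation code.
    callback_ok = desk.record_callback("manager", "+00-555-0666")
    reset_ok = desk.complete("manager", "00000000")
    return callback_ok, reset_ok, [to for to, _ in desk.outbox]
```

With these checks Bob has nothing to read out over the phone: the code and the new password only ever travel to contact details registered before the call.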