The document discusses going beyond just awareness for information security and outlines several key areas to focus on: inform, teach, and motivate employees; manage responsibilities and ensure transparency, partitioning, separation, rotation, and supervision; and measure information dissemination, education outcomes, and behaviors through surveys, trials, and practice. The overall message is that an effective information security culture requires going beyond only raising awareness to also persuading, engaging, and holding people accountable.
6. Human Threats
•Fraud.
•Scams.
•Corruption.
•Blackmail.
22 March, Infosecurity Iberia 2006
7. Human Threats
•Tailgating.
•Uncontrolled visitors.
•Mail or phone information requests.
•Forgotten doc in Printers, Fax, etc.
•Trust in uniforms.
8. Technical Threats
•The user must reach where systems can’t.
•Hoax, Spam, Virus, Phishing, Spyware.
•Backup copies.
•Authentication Sharing.
•Undeleted discarded information.
•...but systems should help.
11. Errors
180
12. Errors
•An automatic signal for open doors was requested, but not
granted.
•The person who had to close the doors was sleeping.
•The official who had to check the doors couldn’t do it; they
were short of personnel and the official was busy doing
something else.
•The boat was designed for a different route, so the ramp
was too high. For this reason it was ballasted, and the
ballast wasn’t drained because they were short of time.
•As they were short of time, the captain started at full throttle,
which caused the wave that sank the boat.
13. Errors
•Who was guilty for the sinking?
•NONE OF THE ABOVE.
•THE MANAGERS who put the crew in a position where
human error was possible and likely.
16. Irrationality
•Lottery.
•Milgram and Asch experiments:
•Respect to Authority.
•Uncontested Obedience.
•Response to group pressure.
•Uniforms.
•Conformism.
•Kitty Genovese case.
•You are more likely to stick to your decisions if you make
them public.
18. Inform
• “When I hear, I forget, when I see, I
remember, when I do, I learn” Confucius (551-479 BC)
•Positive messages are remembered better
than negative ones.
•Two frequent errors:
•Too much information.
•Information too technical.
25. Motivation - Rewards
•Unpleasant actions: They are better
performed without a reward or with a small
one.
•Pleasant actions: Motivation is lost if they
are rewarded.
•Rewards:
•Material ones.
•Acknowledgement from your peers.
26. Motivation - Punishment
•They are more effective the more likely they
are, not the more severe they are.
•Punishments:
•Material.
•Losing face.
27. Motivation - Persuasion
•It is far more likely someone will do
something if it is felt as his or her own will.
•It is more likely an action will be taken if
we believe in it.
•To persuade is more difficult than to reward
or punish, but far more difficult.