Hackers of India

The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being

By Thomas Kurian Ambattu on 01 Dec 2012 @ Clubhack


Presentation Material

AI Generated Summary (may contain errors)

ONE SENTENCE SUMMARY: The human factor is a crucial component of information security, requiring awareness, competence, and responsible behavior from individuals within an organization.

MAIN POINTS:

  1. Technology and process controls are ineffective without responsible human management.
  2. Awareness and competence are distinct concepts in information security methodology.
  3. The power of perception influences information security activities and outcomes.
  4. Human factor exploitation can occur despite having the best technical security systems in place.
  5. Effective awareness and competent management require a gradual cultural shift within an organization.
  6. ESPs (Expected Security Practices) should be defined, covered, and formatted for optimal awareness content delivery.
  7. Behavior management involves motivational and enforcement strategies to promote responsible security practices.
  8. Feedback mechanisms are essential for evaluating the effectiveness of awareness tools and programs.
  9. Real-life information security incident visualization can help influence user perception and behavior.
  10. Bite-sized, interactive training sessions can be more effective than lengthy, one-time information security training programs.

Note: ESPs stand for Expected Security Practices, which are similar to the Israeli 7001 controls and objectives.