The difference between the “Reality” and “Feeling” of Security: Information Security and the Human Being

By Thomas Kurian Ambattu on 01 Dec 2012 @ Clubhack
Tags: security-awareness, human-factor, risk-management, security-architecture, security-governance
Focus Areas: Governance, Risk & Compliance; DevSecOps; Security Architecture; Security Awareness

AI Generated Summary (may contain errors)

ONE SENTENCE SUMMARY: The human factor is a crucial component of information security, requiring awareness, competence, and responsible behavior from individuals within an organization.

MAIN POINTS:

  1. Technology and process controls are ineffective without responsible human management.
  2. Awareness and competence are distinct concepts in information security methodology.
  3. The power of perception influences information security activities and outcomes.
  4. Human factor exploitation can occur despite having the best technical security systems in place.
  5. Effective awareness and competent management require a gradual cultural shift within an organization.
  6. ESPs (Expected Security Practices) should be defined, covered, and formatted for optimal awareness content delivery.
  7. Behavior management involves motivational and enforcement strategies to promote responsible security practices.
  8. Feedback mechanisms are essential for evaluating the effectiveness of awareness tools and programs.
  9. Real-life information security incident visualization can help influence user perception and behavior.
  10. Bite-sized, interactive training sessions can be more effective than lengthy, one-time information security training programs.

Note: ESP stands for Expected Security Practice; these are similar to the Israeli 7001 controls and objectives.