When users take a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coal mine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness to avoid initiating a loss. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.
Understand conceptually how a user is only an operational part of a system, and how they initiate loss, but do not create it.
Strategically define technologies and processes to mitigate loss throughout the entire life cycle of an attack, from initiation to user action to mitigating the harm resulting from the user action.
Determine how users are put in the position of potentially initiating a loss, and examine whether a user can be removed from the process.
10/19/21 1:23 pm
where was the badge? How could you leave us hanging on that story?
10/19/21 8:46 pm
love the focus on the user
my biggest problem :)
10/20/21 3:11 pm
The Handout for this presentation - Where can I get it?
10/22/21 7:32 pm
10/24/21 1:09 am
Excellent presentation, thanks.
As with @Patrick Corkery's comment - Please could you make the handout available?
It would be very useful for offline review along with the mp3 which was made available.
10/24/21 10:15 am
10/25/21 6:19 am
+1 for handout availability. Thanks