
(ISC)² Security Congress 2021 - Career Center & Recordings

1778566 - Human Security Engineering: A Strategy to Address "The User Problem"

Oct 18, 2021 11:00am ‐ Oct 18, 2021 12:00pm

Credits: None available.


When users take a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coal mine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness that help the user avoid initiating it. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.

Learning Objectives:
  • Understand conceptually how a user is only an operational part of a system, and how they initiate loss, but do not create it.
  • Strategically define technologies and processes to mitigate loss throughout the entire life cycle of an attack, from initiation to user action to mitigating the harm resulting from the user action.
  • Determine how users are put in the position of potentially initiating a loss, and examine whether a user can be removed from the process.


Tags: Advanced


  • 1.00 - CPE


Tim DAngelo
10/19/21 1:23 pm

Where was the badge? How could you leave us hanging on that story?

charles searl
10/19/21 8:46 pm

Love the focus on the user, my biggest problem :)

Patrick Corkery
10/20/21 3:11 pm

The Handout for this presentation - Where can I get it?

Carl Marning
10/22/21 7:32 pm

Positive presentation

Trevor Jones
10/24/21 1:09 am

Excellent presentation, thanks. As with @Patrick Corkery's comment - Please could you make the handout available? It would be very useful for offline review along with the mp3 which was made available.

Anupam Wadehra
10/24/21 10:15 am

Great discussion!

Patrick ASSER
10/25/21 6:19 am

Great session. +1 for handout availability. Thanks

Isabel Raven
10/25/21 9:54 pm

Would appreciate access to slides and handouts.

Ian Mills
10/26/21 11:54 pm

How did I miss this live? +1 for slides. !!

Venkatesh Raju
11/2/21 12:24 pm

Great talk, glad I was able to catch this via the recording!

salahuddin sultan
11/6/21 9:59 pm

Very good approach to systemwide security

Walter Jones
11/23/21 11:38 am

Great session!!