47      1

1778566 - Human Security Engineering: A Strategy to Address "The User Problem"

‐ Oct 18, 2021 11:00am

When users make a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coalmine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness to avoid initiating a loss. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.

Learning Objectives:

  • Understand conceptually how a user is only an operational part of a system, and how the initiate loss, but not create it.
  • Strategically define technologies and processes to mitigate loss throughout the entire life cycle of an attack, from initiation to user action to mitigating the harm resulting from the user action.
  • Determine how users are put in the position of potentially initiating a loss, and to examine if a user can be removed from the process.




You must be logged in and own this session in order to post comments.

Tim DAngelo
10/19/21 12:23 pm

where was the badge? How could you leave us hanging on that story?

charles searl
10/19/21 7:46 pm

love the focus on the user my biggest problem :)

Patrick Corkery
10/20/21 2:11 pm

The Handout for this presentation - Where can I get it?

Carl Marning
10/22/21 6:32 pm

Positive presentation

Trevor Jones
10/24/21 12:09 am

Excellent presentation, thanks. As with @Patrick Corkery's comment - Please could you make the handout available? It would be very useful for offline review along with the mp3 which was made available.

Anupam Wadehra
10/24/21 9:15 am

Great discussion!

Patrick ASSER
10/25/21 5:19 am

Great session. +1 for handout availability. Thanks

Isabel Raven
10/25/21 8:54 pm

Would appreciate access to slides and handouts.

Ian Mills
10/26/21 10:54 pm

How did I miss this live? +1 for slides. !!

Venkatesh Raju
11/2/21 11:24 am

Great talk, glad I was able to catch this via the recording!

salahuddin sultan
11/6/21 8:59 pm

Very good approach to systemwide security

Walter Jones
11/23/21 11:38 am

Great session!!

Anupam Wadehra
12/29/21 11:55 am

Superb presentation