Player size: small large

(ISC)² Security Congress 2021 - Career Center & Recordings

1778566 - Human Security Engineering: A Strategy to Address "The User Problem"

Oct 18, 2021 10:00am ‐ Oct 18, 2021 11:00am

Overview
Comments

When users make a harmful action, cybersecurity professionals believe that the solution is more awareness. This is like saying that if a canary dies in a coalmine, the solution is healthier canaries. When the user fails, it is a failure of the entire system. The problem is not that users cause a loss, but that they can potentially initiate a loss. The solution is to engineer the user out of the process, or at least filter out an attack. When a user is in the position of possibly initiating a loss, you create a user experience and provide awareness to avoid initiating a loss. You anticipate the loss being initiated and put detection and reaction in place. We call this Human Security Engineering.

Learning Objectives:

Understand conceptually how a user is only an operational part of a system, and how the initiate loss, but not create it.
Strategically define technologies and processes to mitigate loss throughout the entire life cycle of an attack, from initiation to user action to mitigating the harm resulting from the user action.
Determine how users are put in the position of potentially initiating a loss, and to examine if a user can be removed from the process.

Speaker(s):

Dr. Tracy Celaya-Brown, DM, CISSP, PMP, CSM, President, Go Consulting International
Ira Winkler, CISSP, Chief Security Architect, Walmart

Tags:

Advanced

You must be logged in and own this session in order to post comments.

Tim DAngelo
10/19/21 12:23 pm

where was the badge? How could you leave us hanging on that story?

charles searl
10/19/21 7:46 pm

love the focus on the user my biggest problem :)

Patrick Corkery
10/20/21 2:11 pm

The Handout for this presentation - Where can I get it?

Carl Marning
10/22/21 6:32 pm

Positive presentation

Trevor Jones
10/24/21 12:09 am

Excellent presentation, thanks. As with @Patrick Corkery's comment - Please could you make the handout available? It would be very useful for offline review along with the mp3 which was made available.

Anupam Wadehra
10/24/21 9:15 am

Great discussion!

Patrick ASSER
10/25/21 5:19 am

Great session. +1 for handout availability. Thanks

Isabel Raven
10/25/21 8:54 pm

Would appreciate access to slides and handouts.

Ian Mills
10/26/21 10:54 pm

How did I miss this live? +1 for slides. !!

Venkatesh Raju
11/2/21 11:24 am

Great talk, glad I was able to catch this via the recording!

salahuddin sultan
11/6/21 8:59 pm

Very good approach to systemwide security

Walter Jones
11/23/21 11:38 am

Great session!!

Anupam Wadehra
12/29/21 11:55 am

Superb presentation

1778566 - Human Security Engineering: A Strategy to Address "The User Problem"

Oct 18, 2021 10:00am ‐ Oct 18, 2021 11:00am

Learning Objectives:

Speaker(s):

Tags:

Tim DAngelo 10/19/21 12:23 pm

charles searl 10/19/21 7:46 pm

Patrick Corkery 10/20/21 2:11 pm

Carl Marning 10/22/21 6:32 pm

Trevor Jones 10/24/21 12:09 am

Anupam Wadehra 10/24/21 9:15 am

Patrick ASSER 10/25/21 5:19 am

Isabel Raven 10/25/21 8:54 pm

Ian Mills 10/26/21 10:54 pm

Venkatesh Raju 11/2/21 11:24 am

salahuddin sultan 11/6/21 8:59 pm

Walter Jones 11/23/21 11:38 am

Anupam Wadehra 12/29/21 11:55 am