Security Awareness Blog

Securing The Human - Vegas

Thanks to everyone who joined us last night at SANS Las Vegas for my presentation Securing The Human. We had a really interactive crowd, which makes events like these so much fun. As promised, I've posted the latest version of the presentation online for all to download and share. The focus of the presentation was on why humans are so vulnerable, how cyber attackers exploit those vulnerabilities, and what we can do to 'patch' the vulnerabilities. Throughout the presentation we compared the human to the idea of being nothing more than another operating system, however an operating system ten years behind all others in terms of security. After the event we had a community discussion on some of the key points of what does and does not work in security awareness. Some key points shared include:

  • One of the greatest challenges security is facing is communicating the value of awareness to management. This so reminds me of security ten years ago when the biggest battle in security was getting management's attention. We now have management's attention, but everything is focused on the technical issues, not on the human issues. One of the things I want to put together is a cheat sheet for all of us out there on how to create awareness .... on the value of awareness.
  • Several people shared horror stories about how in their organization there is absolutely no awareness, for example employees storing credit cards in Excel spreadsheets on community shared laptops. We agreed that it is not the fault of these people; they simply were not aware. However, it is stories like these that need to be brought to management. In addition, the best way to leverage stories is to use ones about your own organization. Management will not care about what happens in other organizations, only their own.

2 Comments

Posted September 28, 2010 at 3:38 AM

darrell aldridge

lance,
thank you very much for the presentation. your presentation skills are OFF THE CHART. i really enjoyed it. the meeting after the presentation was very informative as well.
i love the comparison of the human to an operating system. i think it is the perfect analogy. i would like to try to integrate many of the things you talked about in the fraud prevention classes I teach and in the managers meetings at work.
i will try my best to help educate others, build awareness and of course, make every attempt possible to try to "secure the human".
thanks for the slides, the ideas, the session after your presentation and the ice cold beer..
I hope to attend a presentation or a class by you in the near future.
darrell a.

Posted September 28, 2010 at 3:52 AM

lspitzner

Darrell, thanks for the kind words. I'm really excited about the possibilities of "Securing The Human" and presenting is one of my favorite ways to communicate that message. As for the Human Operating System, I agree I can't think of a better analogy. However to be honest credit goes to Chris Hadnagy at http://www.social-engineer.org, he was the first that I know of to post about the HumanOS.