
The best security devices don’t stop cars getting stolen Thieves look for the old cars/alarms

The best security devices don’t stop cars getting stolen Thieves look for the old cars/alarms Or careless owners…. Often it is the person, not the process that is the threat. (“guns don’t kill people, people do”).

arista

Presentation Transcript


  1. The best security devices don’t stop cars getting stolen • Thieves look for the old cars/alarms • Or careless owners…

  2. Often it is the person, not the process that is the threat. • (“guns don’t kill people, people do”)

  3. Presented by Carol Bott, Asst. Director ICT Security Professionalisation, DSD • “Weapons of Influence” • Reciprocity - People have to return a favour (email info scares). • Commitment and Consistency - If people commit, orally or in writing, to an idea or goal, they are more likely to honour that commitment. • Social Proof - People will do things that they see other people are doing. • Authority - People will tend to obey authority figures, even if they are asked to perform objectionable acts. • Liking - People are persuaded by other people that they like. • Scarcity - Perceived scarcity will generate demand.

  4. Also check out “Stumbling on Happiness” • The brain tricks us on a second-by-second basis • People make regular, invalid assumptions of their future happiness • We want our actions to work out well, even in the face of contradictory evidence

  5. So how do those techniques apply to the online world?

  6. Authority… consistency…

  7. Authority… scarcity…

  8. I received this from a reliable family friend this morning. 10/28/01 BIG TROUBLE !!!! DO NOT OPEN "WTC Survivor" It is a virus that will erase your whole "C" drive. It will come to you in the form of an E-Mail from a familiar person. I repeat a friend sent it to me, but called and warned me before I opened it. He was not so lucky and now he can't even start his computer! Forward this to everyone in your address book. I would rather receive this 25 times than not at all. If you receive an email called "WTC Survivor" do not open it. Delete it right away! This virus removes all dynamic link libraries (.dll files) from your computer. This is a serious one. • Social proof… reciprocity… liking… authority…

  9. Microsoft Mail Internet Headers Version 2.0

  10. 70% of targeted attacks can be mitigated by following 4 basic strategies • Defence is targeted around 200 times each year by organisations seeking to steal specific information. Non-defence agencies are targeted some 220 times. • Dr Ian J Watt AO, Secretary of Defence • Anonymity & non-attribution the main benefits attacks enjoy. • Mining sector a recently expanding battlefield • “We must all hang together, or most assuredly, we will hang alone”. (Benjamin Franklin) • Duncan Lewis AO, National Security Advisor, DPMC

  11. Other conference points of note: • The PSM needs urgent review in this area, as its focus has been on protecting paper • Any internet system can be compromised • We need to extend beyond the footprint of our technology/systems – security involves the end-to-end transaction • 2007 Estonian ‘cyberwar’ noted as a portent of things to come (be that state-sponsored or non-state actors). • 75% of attacks utilise targeted socially engineered email

  12. Any network can be utilised as a jumping off point for bigger attacks (hence we are a target) • Government has not had capacity to date to realise the extent of attacks • Boundaries are useless - we must extend systems into the community • We need learning/adaptive systems – no more siege warfare • If not patched, you are Swiss cheese. • Patch within 2 days.

  13. Do this! (at home and work) • Automated patching makes your system self-learning • How? Easy – Start/search/“update”

  14. 1. 2. 3. 4.

  15. Simple tip #1 Choose the right user account… • Give everyone a personal account • Use unique & complex passwords • Change passwords as often as you can tolerate

  16. Simple tip #2 …and put them in the right group! • There should only be 1 administrator • If you're making your life easier, you're making it less secure.

  17. Thanks.. Questions?
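
The annotations on slides 3 and 8 can be turned into a rough triage check. The following is an added example, not part of the original presentation: it tags a message with the influence principles it leans on and flags chain-letter hoaxes. The cue phrases, function names and the forward-request rule are assumptions made for illustration.

```python
import re

# Cue phrases per "Weapons of Influence" principle (slide 3). The phrase lists
# are assumptions chosen for illustration, not a vetted detection ruleset.
CUES = {
    "authority": [r"reliable", r"official notice", r"this is a serious one"],
    "social proof": [r"a friend sent it to me", r"everyone (is|has)"],
    "reciprocity": [r"warned me", r"i would rather receive"],
    "liking": [r"family friend", r"familiar person"],
    "scarcity": [r"last chance", r"only \d+ left", r"expires (today|soon)"],
    "commitment": [r"as you agreed", r"you promised"],
}
# Chain-letter tell (assumed rule): the message asks the reader to propagate it.
FORWARD_REQUEST = re.compile(r"\bforward this to (everyone|all)\b", re.I)

# Excerpt of the hoax quoted on slide 8, and a constructed benign message.
HOAX = (
    "I received this from a reliable family friend this morning. "
    "It will come to you in the form of an E-Mail from a familiar person. "
    "I repeat a friend sent it to me, but called and warned me before I "
    "opened it. Forward this to everyone in your address book. "
    "I would rather receive this 25 times than not at all."
)
BENIGN = "Updates were installed automatically overnight. No action is needed."


def tag_influence(text):
    """Return {principle: [matched phrases]} for every principle with a hit."""
    hits = {}
    for principle, patterns in CUES.items():
        found = []
        for p in patterns:
            found += [m.group(0) for m in re.finditer(r"\b" + p + r"\b", text, re.I)]
        if found:
            hits[principle] = found
    return hits


def looks_like_chain_hoax(text, min_principles=2):
    """Flag text that asks to be forwarded and leans on several principles."""
    return bool(FORWARD_REQUEST.search(text)) and len(tag_influence(text)) >= min_principles


if __name__ == "__main__":
    for name, msg in (("hoax", HOAX), ("benign", BENIGN)):
        print(name, sorted(tag_influence(msg)), looks_like_chain_hoax(msg))
```

On the slide 8 excerpt the tagger reports the same four principles the slide lists; the benign message matches none.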
