4 b. thomas whipp presentation
TRANSCRIPT
Achieving Durable Security: Being Honest About What You Can Really Do.
Thomas Whipp MSc MEng CISSP CPP CBCI
Head of Risk, Oval Ltd
Presentation Overview
Where are you starting from?
Where are the risks?
Thinking differently about security
What are the real costs of your strategy?
Where are you starting from?
Your Information?
Excel
SQL
Emails
Memory Sticks
Printers
Scanned Images
Mobile Phones
Your Business
Costs
Value for Money?
Whose budget?
Will it really be spent?
Capital vs. Revenue
Politics
Prevention
Detection
Incident Response
Will it work?
Displacement
Where are the risks?
Who is out there?
Script Kiddies
Hacktivists
Criminals
Industrial Espionage
State Sponsored
Technical Attacks
Social Engineering
Thinking Differently About Security
Rational Choice Theory
Evaluation of risk and return
How much will I get?
How likely am I to be caught?
How large is the punishment?
Uses
A good model for planned offences
Typically acquisitive in nature
Largely fails to explain expressive offences
Routine activity theory
Lack of a capable guardian
Motivated offender
Can be used to explain everyday type crimes
Situational Prevention
Ronald V. Clarke
Key Concerns
Crime not criminality
Event driven
Near not distant cause
How not why
5 Main mechanisms
Increase the effort
Increase the risk
Reduce the rewards
Reduce provocations
Remove excuses
Examples:
Defensible Space
Oscar Newman
Key Points
Territoriality (key behaviour to encourage)
Natural surveillance
Image
Milieu
Thinking point:
Is it worth allowing some personalisation at the desktop?
Displacement
A key criterion used to assess physical security initiatives
Putting in a control
May not reduce offending
May simply move it elsewhere
Disinhibition
Strong sense of anonymity
Disassociation from the ‘real world’
Lack of a sense of consequence
Leads to significant changes in behaviour
Key challenge for InfoSec awareness but also situational controls
What are the real costs of your strategy?
Covering your bases...
Spreading the costs
Prevention
Detection
Response
Residual
Choosing a Strategy...
What are the options?
Process
Product
Service
Architecture
Any option can deliver an effective control if implemented properly
Risks to Strategy...
Choosing a Strategy...
Controls and their true costs
[Chart: categories Process, Product, Service, Architecture; axis 0% to 100%; series Political, Effort, Revenue, Capital]
Tom Whipp MSc MEng CISSP CPP CBCI Head of Risk, Oval Ltd
Tel: 01924 433081
Mbl: 07500 796391
Email: [email protected]