the vienna programme
play

The Vienna Programme A Global Strategy for Cyber Security Stefan - PowerPoint PPT Presentation

Mar 09, 2024 •9 likes •349 views

Strategy and Governance Malware Psychology of Security The Vienna Programme A Global Strategy for Cyber Security Stefan Schumacher www.sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec 2012 Vienna

  1. Strategy and Governance Malware Psychology of Security The Vienna Programme A Global Strategy for Cyber Security Stefan Schumacher www.sicherheitsforschung-magdeburg.de stefan.schumacher@sicherheitsforschung-magdeburg.de DeepSec 2012 Vienna Stefan Schumacher The Vienna Programme

  2. Strategy and Governance Malware Psychology of Security About me President of the Magdeburg Institute for Security Research Editor of the Magdeburger Journal of Security Research Freelance Security Consultant ex-NetBSD developer B.A. Educational Science and Psychology Focus on Social Engineering, Security Awareness, Organizational Security Veteran of several cyber wars ;-) Stefan Schumacher The Vienna Programme

  3. Strategy and Governance Malware Psychology of Security #include<disclaimer.h> This Talk is a Basis for Discussion. Stefan Schumacher The Vienna Programme

  4. Strategy and Governance Malware Psychology of Security The Problem IT emerges into more fields every day IT insecurity emerges into more fields every day Security is not a hot toppic :-( Let’s change it. Let’s create a strategy to do so. Stefan Schumacher The Vienna Programme

  5. Strategy and Governance Malware Psychology of Security Table of Contents Strategy and Governance 1 Malware 2 Psychology of Security 3 Stefan Schumacher The Vienna Programme

  6. Strategy and Governance Malware Psychology of Security On Cyber Strategy Tactics is the theory of the use of military forces in combat. Strategy is the theory of the use of combats for the object of the war. War is a mere continuation of policy by other means. It may sound strange, but for all who know War in this respect it is a fact beyond doubt, that much more strength of will is required to make an important decision in strategy than in tactics. Stefan Schumacher The Vienna Programme

  7. Strategy and Governance Malware Psychology of Security On Cyber Strategy Tactics is the theory of the use of military forces in combat. Strategy is the theory of the use of combats for the object of the war. War is a mere continuation of policy by other means. It may sound strange, but for all who know War in this respect it is a fact beyond doubt, that much more strength of will is required to make an important decision in strategy than in tactics. Stefan Schumacher The Vienna Programme

  8. Strategy and Governance Malware Psychology of Security Example CORE-2007-0219: OpenBSD’s IPv6 mbufs remote kernel buffer overflow develop a patch roll it out ( cvs update -dP ) patch the source and compile it install new version that’s tactic, it does solve this specific IPv6 mbufs remote kernel buffer overflow but it does not prevent future buffer overflow Stefan Schumacher The Vienna Programme

  9. Strategy and Governance Malware Psychology of Security Example CORE-2007-0219: OpenBSD’s IPv6 mbufs remote kernel buffer overflow develop a patch roll it out ( cvs update -dP ) patch the source and compile it install new version that’s tactic, it does solve this specific IPv6 mbufs remote kernel buffer overflow but it does not prevent future buffer overflow Stefan Schumacher The Vienna Programme

  10. Strategy and Governance Malware Psychology of Security On Cyber-War how to reach goals: Cathedral vs. Bazaar I love it when a plan comes together No plan survives the first contact with Hannibal the enemy - MacGyver Stefan Schumacher The Vienna Programme

  11. Strategy and Governance Malware Psychology of Security The Elders of the Internet We need some global kind of organization in all dimensions (technical, psychological, social, juridical, international law) some institutions already exist (BSI, ENISA) coordination is required (think of the United Nations not ITU) why not organizing like an open source project? (Bazaar) Wikipedia: offer a Wiki/Mailing List/Forum etc. for discussion NetBSD: steering committee, developer groups, mailing listes, sponsors for new developers, security officers Stefan Schumacher The Vienna Programme

  12. Strategy and Governance Malware Psychology of Security The Elders of the Internet information security is not only a technical problem involve all actors: international organizations, governments, political parties, citizens/users, developers, researchers, companies get some Second Order Cybernetics (discourse analysis, institutional analysis, governance etc., see Luhmann, von Foerster) fight the Semmelweis-Reflex (reflex-like tendency to reject new knowledge because it contradicts established norms) Stefan Schumacher The Vienna Programme

  13. Strategy and Governance Malware Psychology of Security Table of Contents Strategy and Governance 1 Malware 2 Psychology of Security 3 Stefan Schumacher The Vienna Programme

  14. Strategy and Governance Malware Psychology of Security Malware? What’s that? The World Health Organization eradicated Smallpox in the 1970s and Rinderpest in 2011 They had a strategy Stefan Schumacher The Vienna Programme

  15. Strategy and Governance Malware Psychology of Security Malware? What’s that? Do you Remember? Let’s eradicate Malware. Ain’t that megalomanic? Sure, but we need big goals ... We know the complete »DNA« of every OS/Application, we can even change it We can reverse engineer the DNA of malware or create our own examples in the lab We can even mathematically verify the absence of vulnerabilities We don’t have to walk through the outback to get to our patients Yet we still have Buffer Overflows since 1988 ... Stefan Schumacher The Vienna Programme

  16. Strategy and Governance Malware Psychology of Security Malware? What’s that? Do you Remember? Let’s eradicate Malware. Ain’t that megalomanic? Sure, but we need big goals ... We know the complete »DNA« of every OS/Application, we can even change it We can reverse engineer the DNA of malware or create our own examples in the lab We can even mathematically verify the absence of vulnerabilities We don’t have to walk through the outback to get to our patients Yet we still have Buffer Overflows since 1988 ... Stefan Schumacher The Vienna Programme

  17. Strategy and Governance Malware Psychology of Security Malware? What’s that? Identify all the simple Vulnerabilities and wipe them out have a look at the governance model of NetBSD and OpenBSD close at least the Skript Kiddie Vulnerabilities Stefan Schumacher The Vienna Programme

  18. Strategy and Governance Malware Psychology of Security Malware? What’s that? Stefan Schumacher The Vienna Programme

  19. Strategy and Governance Malware Psychology of Security Commercial Software the political/legal dimension prioritise security don’t sell it as an add on: Security First talk to us, offer a path for responsible disclosure and act! customers have a lot of power ( €€€ ) manufacterers are liable for their products car manufacturers have to recall malfunctioning cars aviation authorities monitor airlines and shut them down in case of emergency Has there ever been a recall for Operating Systems? Why not? Why do customers accept broken and FUBARed software? Stefan Schumacher The Vienna Programme

  20. Strategy and Governance Malware Psychology of Security Table of Contents Strategy and Governance 1 Malware 2 Psychology of Security 3 Stefan Schumacher The Vienna Programme

  21. Strategy and Governance Malware Psychology of Security Psychology of Security Why Psychology? Humans act and make decisions, computers do only as told Programmers create Buffer Overflows and forget safety regulations (Ariane 5) ... Users choose weak passwords ... Admins forget to patch ... We have to influence how humans make decisions regarding IT security therefor we will use the ancient black art of psychology ... Stefan Schumacher The Vienna Programme

  22. Strategy and Governance Malware Psychology of Security Making Security Sexy How do I make Security »sexy«? � Motivational Psychology The Holy Grail [ TM ] of Psychology a lot of research done, especially for Industrial Psychology, Leadership, Management motivation is the key of every action � no motivation == no action motivation can be conscious or unconscious several theories of motivation Stefan Schumacher The Vienna Programme

  23. Strategy and Governance Malware Psychology of Security Theories of Motivation Maslow: Pyramid of Needs Herzberg: Two Factor Theory of Content internal vs. external Motivation external Motivation: Reward or Punishment internal motivation is the ideal way people have to want security on their own they have to focus on security Motivation is volatile Stefan Schumacher The Vienna Programme

  24. Strategy and Governance Malware Psychology of Security Security Awareness people only learn when they focus on something they focus on something that is important to them security has to be relevant to them this is a complex task: The User - An Unknown Being. Does he identify with his employer? (Maslow) What are his needs? Does he understand security? (Know How/Technical Skills) Can he integrate »security« into his mind set? What does his mind set look like? (Weltanschauung) Stefan Schumacher The Vienna Programme

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction - The Vienna Programme of Action (VPoA) for Landlocked Developing Countries is a ten

Introduction - The Vienna Programme of Action (VPoA) for Landlocked Developing Countries is a ten

Introduction - The Vienna Programme of Action (VPoA) for Landlocked Developing Countries is a ten (ten) year action-plan aimed at accelerating sustainable development in Landlocked Developing Countries (LLDC). The action-plan was adopted in Vienna

350 views • 16 slides
REPORT ON IMPLEMENTATION OF THE VIENNA PROGRAMME OF ACTION 18 - 19 MARCH 2019 Name COLATOR

REPORT ON IMPLEMENTATION OF THE VIENNA PROGRAMME OF ACTION 18 - 19 MARCH 2019 Name COLATOR

REPORT ON IMPLEMENTATION OF THE VIENNA PROGRAMME OF ACTION 18 - 19 MARCH 2019 Name COLATOR MAOKO Designation: DEPUTY DIRECTOR/ CHIEF ECONOMIST Organization: MINISTRY OF INDUSTRY AND COMMERCE Country: ZIMBABWE ZIMBABWE AT A GLANCE Location

250 views • 13 slides
Vienna Programme of Action for LLDCs: legal frameworks for transit cooperation UN-OHRLLS Retreat

Vienna Programme of Action for LLDCs: legal frameworks for transit cooperation UN-OHRLLS Retreat

Vienna Programme of Action for LLDCs: legal frameworks for transit cooperation UN-OHRLLS Retreat of the LLDCs Group, New York, 1 March 2016 William Petty Head, Regional Committee for Africa Efficient road transport 1. Good infrastructure 2.

419 views • 9 slides
Update on EaSI Programme for Microfinance 7 th June 2019, Vienna Filippo Chiesa Compliance and

Update on EaSI Programme for Microfinance 7 th June 2019, Vienna Filippo Chiesa Compliance and

Update on EaSI Programme for Microfinance 7 th June 2019, Vienna Filippo Chiesa Compliance and AML - PerMicro PerMicro: the ambition to finance good entrepreneurial ideas and family needs Funded in 2007 in Torino (Italy). Specialised in

308 views • 6 slides
2019 EMEA Regional Meeting Bid Vienna October 11 13 Why Vienna? Vienna is the worlds

2019 EMEA Regional Meeting Bid Vienna October 11 13 Why Vienna? Vienna is the worlds

2019 EMEA Regional Meeting Bid Vienna October 11 13 Why Vienna? Vienna is the worlds most livable city and our vibrant country committee is excited to share it with Democrats Abroad! It has palaces, top museums, three opera houses,

349 views • 12 slides
Paediatric Medicines and the Health theme in the Co-operation Programme of FP7 Dr. Fergal

Paediatric Medicines and the Health theme in the Co-operation Programme of FP7 Dr. Fergal

Paediatric Medicines and the Health theme in the Co-operation Programme of FP7 Dr. Fergal DONNELLY Directorate Health DG Research European Commission 1 Launching FP7 DI A Vienna 27.3.2007 The Health Theme in Framework Programme 7

497 views • 36 slides
TOWARDS AN 8 TH ENVIRONMENT ACTION PROGRAMME: CATALYSING A JUST TRANSITION TO A ONE PLANET

TOWARDS AN 8 TH ENVIRONMENT ACTION PROGRAMME: CATALYSING A JUST TRANSITION TO A ONE PLANET

TOWARDS AN 8 TH ENVIRONMENT ACTION PROGRAMME: CATALYSING A JUST TRANSITION TO A ONE PLANET ECONOMY Patrick ten Brink, EU Policy Director, EEB Vienna 10 December 2018 p.2 THE 7 EAP: OVERVIEW OF ITS PERFORMANCE The 7 th EAP has proven to be

623 views • 29 slides
Multiverse Conceptions and the Hyperuniverse Programme C. Antos, S.-D. Friedman, R. Honzik, C.

Multiverse Conceptions and the Hyperuniverse Programme C. Antos, S.-D. Friedman, R. Honzik, C.

Outline The Multiverse Phenomenon Multiverse Conceptions The Hyperuniverse Programme Multiverse Conceptions and the Hyperuniverse Programme C. Antos, S.-D. Friedman, R. Honzik, C. Ternullo KGRC, Vienna 21 September 2013 C. Antos, S.-D.

877 views • 46 slides
The Congress of Vienna (September 1, 1814 June 9, 1815) The Congress of Vienna kings,

The Congress of Vienna (September 1, 1814 June 9, 1815) The Congress of Vienna kings,

The Congress of Vienna (September 1, 1814 June 9, 1815) The Congress of Vienna kings, princes, and diplomats gathered for a peace conference in Vienna fall 1814 - summer 1815 Tsar Alexander I (Russia) Foreign Minister, Viscount

59 views • 4 slides
IAEA guidelines on transition from conventional to 3-D conformal radiotherapy programme

IAEA guidelines on transition from conventional to 3-D conformal radiotherapy programme

IAEA guidelines on transition from conventional to 3-D conformal radiotherapy programme Stanislav Vatnitsky Presented to: Lunch Forum Session I: ICARO IAEA, Vienna: April 27, 2009 IAEA TECDOC- 1040 (1998 ) [ extension (2008) includes linear

437 views • 23 slides
PRESENTATION TO THE VIENNA SYMPOSIUM ON GREEK DEBT VIENNA, 17 May 2017 he destructive effects

PRESENTATION TO THE VIENNA SYMPOSIUM ON GREEK DEBT VIENNA, 17 May 2017 he destructive effects

PRESENTATION TO THE VIENNA SYMPOSIUM ON GREEK DEBT VIENNA, 17 May 2017 he destructive effects of the Private Sector INVOLVEMENT IN GREECE John Kyriakopoulos, Former Managing Director &amp; CEO of Hellenic Pension Fund Mgt Company, CEO of KYROS

340 views • 3 slides
Contents 1. Programme Overview 2. Programme Structure 3. Programme Milestones a. Compulsory

Contents 1. Programme Overview 2. Programme Structure 3. Programme Milestones a. Compulsory

Contents 1. Programme Overview 2. Programme Structure 3. Programme Milestones a. Compulsory Modules b. Overseas Study Trip c. Project d. Other CPD activities e. Example on how to complete Programme Milestones 4. Service Milestones

396 views • 28 slides
Cheshire and Merseyside Tobacco Control Programme Jo McCullagh, Programme Lead What We Will

Cheshire and Merseyside Tobacco Control Programme Jo McCullagh, Programme Lead What We Will

Cheshire and Merseyside Tobacco Control Programme Jo McCullagh, Programme Lead What We Will Cover.. Tobacco Control programme objectives 2011/12 programme highlights Next steps (Nov 2012-March 2013) Programme Partners Heart of

462 views • 15 slides
Logic in Vienna Logic in Vienna: History 1920s: Wiener Kreis M. Schlick, H. Hahn, H.

Logic in Vienna Logic in Vienna: History 1920s: Wiener Kreis M. Schlick, H. Hahn, H.

Logic in Vienna Logic in Vienna: History 1920s: Wiener Kreis M. Schlick, H. Hahn, H. Menger, O. Neurath, R. Carnap, . . . Logical Positivism (in contrast to K. Poppers Falsification ) Influential: L. Wittgenstein Eminent: K. G

393 views • 17 slides
continuous variables Manfred Dorninger University of Vienna Vienna, Austria

continuous variables Manfred Dorninger University of Vienna Vienna, Austria

Verification of forecasts of continuous variables Manfred Dorninger University of Vienna Vienna, Austria manfred.dorninger@univie.ac.at Thanks to: B. Brown, M. Gber, B. Casati 7 th Verification Tutorial Course, Berlin, 3-6 May, 2017 Types

532 views • 39 slides
Vienna University of Technology Motorcycle Accidents Case Studies and What to Learn From Them

Vienna University of Technology Motorcycle Accidents Case Studies and What to Learn From Them

Vienna University of Technology Motorcycle Accidents Case Studies and What to Learn From Them Horst Ecker Vienna University of Technology, Vienna, Austria Int. Motorcycle Safety Conference, Long Beach, March 28-30, 2006 Whats ahead

477 views • 25 slides
Computing genus 2 curves from invariants on the Hilbert moduli space Journal of Number Theory,

Computing genus 2 curves from invariants on the Hilbert moduli space Journal of Number Theory,

Computing genus 2 curves from invariants on the Hilbert moduli space Journal of Number Theory, Special Issue on Elliptic Curve Cryptography http://eprint.iacr.org/2010/294 Kristin Lauter, Microsoft Research Joint work with: Tonghai Yang,

421 views • 39 slides
Group Project K ans ShanghAI Lectures 2019 A K an ( ) is a story, dialogue,

Group Project K ans ShanghAI Lectures 2019 A K an ( ) is a story, dialogue,

Group Project K ans ShanghAI Lectures 2019 A K an ( ) is a story, dialogue, question, or statement, which is used in Zen-practice to provoke the great doubt, and test a student's progress in Zen practice. Wikipedia K

666 views • 20 slides
MOTIVATIONAL INFLUENCE (A N EW A PPROACH TO C OUNSELING ) Douglas L. Beck, Au.D. Board Certified

MOTIVATIONAL INFLUENCE (A N EW A PPROACH TO C OUNSELING ) Douglas L. Beck, Au.D. Board Certified

MOTIVATIONAL INFLUENCE (A N EW A PPROACH TO C OUNSELING ) Douglas L. Beck, Au.D. Board Certified Audiologist photo Director of Professional Relations Oticon, Inc., Somerset, NJ dmb@oticonusa.com S TATUS Q UO S ERGEI K OCHKIN M ARKE T RAK VIII

848 views • 61 slides
Solving Problems by Searching Marco Chiarandini Department of Mathematics &amp; Computer Science

Solving Problems by Searching Marco Chiarandini Department of Mathematics &amp; Computer Science

Lecture 2 Solving Problems by Searching Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Slides by Stuart Russell and Peter Norvig Problem Solving Agents Search Uninformed search algorithms

1.01k views • 74 slides
Gaudi Framework Overview and The Daya Bay Experience Brett Viren Physics Department Future

Gaudi Framework Overview and The Daya Bay Experience Brett Viren Physics Department Future

Gaudi Framework Overview and The Daya Bay Experience Brett Viren Physics Department Future Neutrino Software, FNAL 2009/3/13 Brett Viren (BNL) Gaudi/Daya Bay 2009/3/13 1 / 37 Outline Gaudi Framework Overview What is a Software Framework?

477 views • 37 slides
Learning from Observations Chapter 18, Sections 13 Chapter 18, Sections 13 1 Outline

Learning from Observations Chapter 18, Sections 13 Chapter 18, Sections 13 1 Outline

Learning from Observations Chapter 18, Sections 13 Chapter 18, Sections 13 1 Outline Learning agents Inductive learning Decision tree learning Measuring learning performance Chapter 18, Sections 13 2 Learning

653 views • 32 slides
Constructing cryptographic curves with complex multiplication Reinier Br oker

Constructing cryptographic curves with complex multiplication Reinier Br oker

Constructing cryptographic curves with complex multiplication Reinier Br oker Microsoft Research Fields Institute May 2009 Curves and crypto Curve cryptography comes in 2 flavours: standard : we want curves of prime order;

594 views • 36 slides
Language and Cognition Seminar School of Psychology, University of Birmingham, 5 Nov 2004

Language and Cognition Seminar School of Psychology, University of Birmingham, 5 Nov 2004

Language and Cognition Seminar School of Psychology, University of Birmingham, 5 Nov 2004 Varieties of Meaning Aaron Sloman School of Computer Science http://www.cs.bham.ac.uk/axs/ These slides will later be added to

587 views • 32 slides

More recommend