IT Security

a game of counting the negatives, but can we do better?

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration: Not yet available
Language: English
Abstract: In IT security we have been preoccupied with failures, with things that go wrong, and so we count the negatives -- the times when we failed. How about we seriously started counting the positives? More importantly, what if by adding more and more constraints to avoid the holes we have found, we are also removing the positive capacities in the system, thereby hurting our chance of success more than we hurt our chance of failure? In this talk, I will try to highlight how IT security could be done differently, by trying to focus on what goes right, rather than only focusing on what goes wrong, learning from our successes, and reinforcing them, so when next time the storm comes, we will have enough positive slack in the system to withstand the attack.

IT security, just like safety, has been focusing on the negatives, trying to learn from the times when things failed. Hence, we have become experts at counting the negatives, at finding all the holes. Because we rightfully fear failure, we have put more and more constraints on our systems through policies and guidelines and ways of working that constrain how they can be built and operated to avoid all the holes we have found. However, we tend to forget that the vast majority of the times, things go well. In fact, often they go well despite all the constraints we have put on the systems. Are we missing important learning opportunities by ignoring how things go well? In this talk, I will try to demonstrate how we could bring what safety literature calls "Safety II" or "Safety Differently" into the practice of IT security.

Talk ID: jev22-49218
Event:: jev22
Day: 2
Room: HIP1
Start: 3 p.m.
Duration: 00:45:00
Track: E.T.I.
Type of: Talk
Speaker: Mate Soos
Talk Slug & media link: jev22-49218-it_security

The video is not yet available

Missing form or progress bar? It may take up to ten minutes until the form appears, after you saved your progress on amara. Please give it a little patience and reload the page.