WICCON 2023

Tools vs Rules: Why Technical Based Measures Work Better Than Behavior Based Approaches in Infosec
2023-10-31, Main Stage

In infosec we often face the choice of either going for a behavior-based measure to mitigate risks or choosing a technical measure. In this talk I will argue that technical measures are preferable and explain why we need to reconsider our fear of them stimulating shadow IT.


"WARNING: Wet paint!". Have you ever been tempted to touch the surface of whatever this warning was attached to? Yes? You're not alone!

Then why do many of us still rely on behavior-based awareness campaigns for mitigating (complex) security risks, when we know that people tend to do very poorly when it comes to adhering to rules and regulations?

Is it because we have a fear of technical measures encouraging the use of things like shadow IT? And how real is this fear when set against the alternative: behavior-based rules?

In this talk I will explain why I have come to believe we should always consider technical measures first in information security and why you might want to do the same.

Fleur van Leusden is an experienced CISO who has worked for multiple Dutch government organisations over the past decade. She has an interest in changing the way infosec handles awareness and behavior-based measures in security.