Threat Prioritization: Freeing the White Whale

Identify - "Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."

Music Box - 5th Floor
May 08, 2018 12:30 PM - 01:00 PM (America/New_York)

We all acknowledge that critical infrastructure organizations face particularly pernicious security risks, made ever-more-complex by strict uptime requirements. A raging sea of threats leads to consistently high-stress situations, in which “irrational” human thinking is more likely to dominate – and thus lead to misallocation of defensive resources. Too often, security practitioners seek to defend against all threats they face – particularly athwart more “sophisticated” adversaries – which becomes their “white whale,” killing the chance of an effective security program.

The cognitive biases that lead to this sort of thinking are magnified by the overwhelming ocean of choice in security tools and defensive advice. Before deploying a security strategy, one must first identify what needs to be protected, and why. In this talk, we’ll explore how to hone your brain to the signal, while tuning out the roaring waves of the ocean of choice.

 

You will learn why human brains prioritize some threats over others – chasing their white whales – and why that leads to poor defensive outcomes. We’ll then cover cognitive countermeasures, including a framework organizations can use to begin prioritizing which threats to tackle in an optimal manner. Finally, we’ll go in-depth into specific critical industries – such as transportation, finance, and energy – for hands-on examples of how organizations can bypass their behavioral biases and cultivate stronger security strategies based on realistic threat models.

HACK NYC 2018

Product Manager, SecurityScorecard

The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.