Security Congress Abstract
According to studies by Verizon, more than 90% of data breaches result from user failings. The industry response is to implement awareness programs, which have proven generally unsuccessful. Even with the best awareness programs, users will make mistakes. Awareness also does nothing to prevent malicious user actions. This session proposes a Human Security Officer, who is responsible for breaking down business processes in which human vulnerabilities could lead to data breaches, and for determining a comprehensive set of technology, process and awareness countermeasures to prevent and mitigate the losses. The session will cover the processes to identify the underlying vulnerabilities and then prioritize the countermeasures, be they technology, process or awareness, to prevent and mitigate the potential attacks.