Achieving Durable Security: Being Honest About What You Can Really Do.

Thomas Whipp MSc MEng CISSP CPP CBCI
Head of Risk, Oval Ltd

Presentation Overview
  - Where are you starting from?
  - Where are the risks?
  - Thinking differently about security
  - What are the real costs of your strategy?

Where are you starting from?

Your Information?
  - Printers
  - Mobile Phones
  - SQL
  - Excel
  - Emails
  - Memory Sticks
  - Scanned Images

Your Business
  - Whose budget?
  - Will it really be spent?
  - Costs
  - Capital vs. Revenue
  - Prevention
  - Detection
  - Incident Response
  - Will it work?
  - Politics
  - Displacement
  - Value for Money?

Where are the risks?

Who is out there?
  - Script Kiddies
  - Hacktivists
  - Criminals
  - Technical Attacks
  - Social Engineering
  - Industrial Espionage
  - State Sponsored

Thinking Differently About Security

Rational Choice Theory
  - Evaluation of risk and return
  - Uses:
      - How much will I get
      - How likely am I to be caught
      - How large is the punishment
  - A good model for planned offences
  - Typically acquisitive in nature
  - Largely fails to explain expressive offences

Routine Activity Theory
  - Motivated offender
  - Lack of a capable guardian

Situational Prevention (Ronald V. Clarke)
  Key Concerns
  - Crime not criminality
  - Event driven
  - Near not distant cause
  - How not why
  5 Main mechanisms
  - Increase the effort
  - Increase the risk
  - Reduce the rewards
  - Reduce provocations
  - Remove excuses

Defensible Space (Oscar Newman)
  Key Points
  - Territoriality (key behaviour to encourage)
  - Natural surveillance
  - Image
  - Milieu

Displacement
  - A key criterion used to assess physical security initiatives
  - Putting in a control
      - May not reduce offending
      - May simply move it elsewhere

Disinhibition
  - Key challenge for InfoSec awareness but also situational controls
  - Leads to significant changes in behaviour
  - Strong sense of anonymity
  - Disassociation from the 'real world'
  - Lack of a sense of consequence

What are the real costs of your strategy?

Covering your bases...
  Spreading the costs
  - Prevention
  - Detection
  - Response
  - Residual

Choosing a Strategy...
  What are the options?
  - Process
  - Product
  - Service
  - Architecture
  Any option can deliver an effective control if implemented properly

Risks to Strategy...

Choosing a Strategy...
  Controls and their true costs
  [Chart: share of cost, 0% to 100%, split into Political, Effort, Revenue and Capital, for each option: Process, Product, Service, Architecture]

Tom Whipp MSc MEng CISSP CPP CBCI
Head of Risk, Oval Ltd
Tel: 01924 433081
Mbl: 07500 796391
Email: [email protected]