The Impending Complexity Apocalypse
Andy Ellis, @csoandy
Thesis: Humans are ______ at risk management
Bad
Atrocious
Terrible
Confused
Incompetent
Irrecoverable
Horrible
Perplexed
Antithesis
Humans are awesome at risk management
Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks.
A Story about Hydra
Decision Making: The OODA Loop
Observe, Orient, Decide, Act
Why do people make “Bad” decisions?
Stupid
Incomprehensible
Business Owner Security
Modal bias!
The Power of Models
Observe, Orient, Decide, Act
Models
• Context
• Framing
• Expectations
Historical paranoia
Prisoner’s Dilemma
Payoffs (you, partner):
                 Partner cooperates   Partner cheats
You cooperate    -3, -3               -10, -1
You cheat        -1, -10              -5, -5
13%!
40%!
If we believe our “partner” will cheat on us, we’ll cheat first.
Actual Prisoners in a Dilemma
Payoffs (you, partner):
                 Partner cooperates   Partner cheats
You cooperate    -3, -3               -10, -1
You cheat        -1, -10              -5, -5
30%!
19%!
Different communities have different expectations!
Risky Business
Observe, Orient, Decide, Act
Models
• Costs
• Fears
• Expected outcomes
Risks
• Confirmation bubbles
• Hindsight expectations
Cost Context Matters
You are given an opportunity to play a game. A fair 20-sided die will be rolled. You bet $X on a number; if your number is rolled, you keep your bet and get back 20 times X; otherwise, you lose your bet. Your expected payout is therefore 1.05 times your bet.
Would you bet $10,000?
Would you bet $100,000?
Would you bet $1,000,000?
Would you bet $10,000,000?
Would you bet $100,000,000?
Would you bet $1,000,000,000?
You value something by what you give up to get it.
Peltzman Effect / Risk Compensation
Figure axes: Perceived risk; Risk reduction
Changing Risk Awareness
threat ignorance
known vulnerability
“FUD”
stealth improvements
risk reduction
security theater
blind compliance
Awareness
Figure axes: Perceived; Actual
For your comfort and safety, before bathing, make sure that the bath mat is properly placed and that the shower curtain is inside the shower.
The Spotlight
Observe, Orient, Decide, Act
Models
• Proximity
• Novelty
• Urgency
Risks
Attention
• Obscure costs
• Complex returns
• Confirmation bubbles
• Hindsight expectations
Attention Filtration
Cognitive Blindness
We ignore the expected!
Recency Bias
Tribal Bias
Surprise
The Response Playbook
Observe, Orient, Decide, Act
Models
• Practice
• Repetitive
• Low risk
Risks
Attention
Trained responses
• Obscure costs
• Complex returns
• Confirmation bubbles
• Hindsight expectations
• Distributed social networks
• Fast information flow
• Virtual proximity
System 1 vs System 2
LEFT RIGHT LEFT RIGHT LEFT RIGHT
LEFT RIGHT
System 1 vs System 2
LEFT LEFT LEFT
RIGHT RIGHT LEFT RIGHT
RIGHT
Doing What We Know
Observe, Orient, Decide, Act
Models
Risks
Attention
Trained responses
• Repurposed responses
• Dunning-Kruger
Synthesis
Humans are situationally awesome at risk management.
The End of the Right Situation
Observe, Orient, Decide, Act
Models
• Distributed social networks
• Fast information flow
• Virtual proximity
Risks
Attention
Trained responses
• Confirmation bubbles
• Hindsight expectations
• Obscure costs
• Complex returns
• Repurposed responses
• Dunning-Kruger
• Context
• Framing
• Expectations
• Practice
• Repetitive
• Low risk
• Proximity
• Novelty
• Urgency
• Costs
• Fears
• Expected outcomes