storytelli storytelling ng in in infosec infosec
play

Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) - PowerPoint PPT Presentation

Aug 20, 2022 •46 likes •566 views

Dr. med. Christina Czeschik www.serapion.de Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide ide BalCCon 2k17 Sept 16, 2017, Novi Sad How to Make Users Behave Safely? Explain things to them?

  1. Dr. med. Christina Czeschik www.serapion.de Storytelli Storytelling ng in in Infosec Infosec (Draft aft of) a Pr Practical ctical Guide ide BalCCon 2k17 Sept 16, 2017, Novi Sad

  2. How to Make Users Behave Safely?

  3. Explain things to them? Source: http://www.simonmgarrett.com/career/lecturing-and-training/

  4. Take away their permissions? Source: https://www.ibm.com/developerworks/community/blogs/idsteam/entry/oat_311_login?lang=en

  5. Threaten them with heavy objects?

  6. A better way: Tell a story.

  7. Why Storytelling Works

  8. Evolutionary Advantage?

  10. Evolutionary Advantage! Sources: http://untappedcities.com/2013/06/20/discover-cave-paintings-in-baja-california-mexico-near-loreto/, https://owlcation.com/stem/The-Saber-Tooth-Tiger

  11. Why we remember stories … … better than stand-alone facts: 1. They raise attention! Source: http://www.i-am-bored.com/2015/08/call-him-a-crazy-cat-person-one-more-time-pic.html

  12. Why we remember stories … … better than stand-alone facts: 2. They organize knowledge. Source: https://www.commonsensemedia.org/tv-reviews/scrubs

  13. Why we remember stories … … better than stand-alone facts: 3. They offer self-reference. Source: http://www.dailymail.co.uk/news/article-2044620/School-bans-children-putting-hands-class--tells-pupils-Fonz- thumbs-instead.html

  14. Why we remember stories … … better than stand-alone facts: 3. They offer self-reference. … commonly known as the answer to the question: "WTF will I ever need that for?" Source: http://www.dailymail.co.uk/news/article-2044620/School-bans-children-putting-hands-class--tells-pupils-Fonz- thumbs-instead.html

  15. Why we remember stories … … better than stand-alone facts: 4. They invoke emotions.

  16. What Is a Story?

  17. What is a story? Sources: http://edtech2.boisestate.edu/weltys/502/conceptmap.html

  18. What is a story? Protagonist Source: http://250bpm.com/blog:45

  19. What is a story? Joseph Campbell, The Power of Myth (1988) Sources: http://www.yourheroicjourney.com/, https://britannica.com/biography/Joseph-Campbell-American-author

  20. Working definition: Humans

  21. Working definition: Humans doing

  22. Working definition: Humans doing stuff.

  23. Types of Stories

  24. Types of Stories Narrative Case Study Scenario Problem-based Learning

  25. Types of Stories Emotion Narrative Case Study Scenario Problem-based Learning Analysis

  26. Narrative Example: Source: https://snowdenfilm.com

  27. Case Study Example: Source: https://www.heise.de/newsticker/meldung/Trojaner-im-OP-wie-ein-Krankenhaus-mit-den-Folgen- lebt-3617880.html

  28. Scenario Example: Source: http://news.softpedia.com/news/petya-ransomware-uses-dos-level-lock-screen-prevents-os-boot- up-502166.shtml#sgal_2

  29. Problem-based Learning Example: Source: http://www.csoonline.com/article/3175503/leadership-management/congrats-you-re-the-new-ciso- now-what.html

  30. Metaphors and Analogies

  31. Narratives, Case Studies and Scenarios … can be real, but don't have to be. They can also be analogies from other fields than infosec.

  32. Narratives, Case Studies and Scenarios … can be real, but don't have to be. They can also be analogies from other fields than infosec. In fact, that may be better .

  33. Source: http://memory-alpha.wikia.com/wiki/Q_Continuum?file=Q_Continuum_ranch_house.jpg

  34. (By the way …) Happy 30th Birthday, Q! … on September 28, 2017

  35. So… Where Do We Get Our Stories From?

  36. Myths and Legends (Of course.)

  37. Myths and Legends Peace be within your walls and security within your towers! Psalm 122:7 Source: http://www.ebrahma.com/2015/04/firewall-basic-concepts/

  38. Myths and Legends For you say, I am rich, I have prospered, and I need nothing, not realizing that you are wretched, pitiable, poor, blind, and naked. Revelation 3:17 Source: http://www.macworld.co.uk/review/mac-laptops/apple-macbook-air-mid-2017-review-3659879/

  39. The Analogies Project www.theanalogiesproject.org

  40. The Analogies Project

  41. The Analogies Project Rapunzel – lessons learned: Biometric access control can be fooled. Even if Especially when the system is human. Source: https://theanalogiesproject.org/the-analogies/rapunzel/

  42. The Analogies Project Rumpelstiltskin – lessons learned: Do not sing your passwords when dancing around a campfire. (Not even on BalCCon. Seriously.) Source: https://theanalogiesproject.org/the-analogies/rumpelstiltskin-a-lesson-in-password-security/

  43. The Analogies Project Infosec is like sun protection: Lotion won't prevent heatstroke Hat won't prevent sunburn  You need more than one protection. (Or you can just stay offline – lock yourself in your apartment all summer …) Source: https://theanalogiesproject.org/the-analogies/infosec-like-sun-protection/

  44. TV Tropes www.tvtropes.org

  45. TV Tropes A trope is a - storytelling device or convention, - a shortcut for describing situations the storyteller can reasonably assume the audience will recognize.

  46. TV Tropes !!! Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/MagicalComputer

  47. TV Tropes !!! Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/HollywoodHacking

  48. TV Tropes !!! Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/HollywoodHacking

  49. TV Tropes !!! Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/ApologisesALot

  50. TV Tropes !!! Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/YouDidntAsk

  51. TV Tropes Source: http://tvtropes.org/pmwiki/pmwiki.php/Main/RaceAgainstTheClock

  52. Thank you for your attention! Christina Czeschik www.serapion.de czeschik@serapion.de Twitter: @serapionblog

Recommend

InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person

InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person

InfoSec Training and Awareness Program Training & Employee InfoSec Yearly In-person Whitepapers, InfoSec Spear Awareness Comms Intranet Site Security Security Brochures E-mailbox Phishing Awareness Awareness Exercises

389 views • 36 slides
InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who

InfoSec Ninjas Croissants Intrusion Detection and Prevention System (IDPS) InfoSec Ninjas Who am I? Samiux is an Information Security Enthusiast. - OSCE, OSCP, OSWP - Blogger - Linux user Hobbies : - Programming - Reading

261 views • 12 slides
Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova

Flex your Flex your InfoSec InfoSec muscles! muscles! Zuzana Bitterova Zuzana Bitterova This presentation is about Passion This presentation is NOT about Embracing change how to become an expert in the information security area

975 views • 49 slides
So basically same as a lot of us here: Wants to do cool InfoSec stuff, Wants to Stay out of Jail

So basically same as a lot of us here: Wants to do cool InfoSec stuff, Wants to Stay out of Jail

Changing Legal Landscape for Infosec Who I am: Elissa Shevinsky CEO of Jekudo Privacy Company @ElissaBeth and @Jekudo_Cat on Twitter Writer/Journalist Cautious Security Researcher So basically same as a lot of us here: Wants to do cool

472 views • 17 slides
HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works

HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works

HTTP/2 & InfoSec Anderson Dadario Topics HTTP Today Why HTTP/2 How it works What is relevant to your InfoSec job 2 HTTP Today Using HTTP 1.1 since 1997 / 1999 Connection: keep-alive Head of Line

376 views • 21 slides
Statewide IT, InfoSec and Privacy Update S eptember 2019 Re c e nt Suc c e sse s o f Sha re d

Statewide IT, InfoSec and Privacy Update S eptember 2019 Re c e nt Suc c e sse s o f Sha re d

Statewide IT, InfoSec and Privacy Update S eptember 2019 Re c e nt Suc c e sse s o f Sha re d Se rvic e s $71,000 pe r ye ar for age nc ie s as we ll as $1.2 million in c ost avoide d by not ope r ating the DT O Pr int and Mail fac

327 views • 13 slides
Fig Leaf Security @haroonmeer - 2011 #disclaimer Who am i ? & Why this talk? A

Fig Leaf Security @haroonmeer - 2011 #disclaimer Who am i ? & Why this talk? A

Fig Leaf Security @haroonmeer - 2011 #disclaimer Who am i ? & Why this talk? A chance to meet our heroes! like Simple Nomad! thegnome: we expected thegnome: we got beard this is my rant.. The infosec industry ZA infosec

1.09k views • 64 slides
InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka,

InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka,

InfoSec 101 Introduction to Information Security for (non-IT) Professionals Fabian Lischka, Larry Salibra, Leonhard Weese FCC, Hong Kong, 2015-02-26 V0.97 from 2015-03-12 Content I n t r o d u c t i o n D i s c l a i m e r s

421 views • 30 slides
Cheapskate! Free and Excellent Infosec Career Resources Nathan Chan, CISSP C|EH 2019 Oct 11 1

Cheapskate! Free and Excellent Infosec Career Resources Nathan Chan, CISSP C|EH 2019 Oct 11 1

Cheapskate! Free and Excellent Infosec Career Resources Nathan Chan, CISSP C|EH 2019 Oct 11 1 / 48 Who Am I Three careers Flight Simulation both trainers and engineering Software Tester Security Worked in defense,

777 views • 48 slides
SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec

SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec

SirepRAT Windows IoT Core Abusing a Windows service for RCE About Me 7+ years in InfoSec Security Researcher @Safebreach Presented at DEFCON, DEEPSEC, Hackfest @bemikre Contents 1. Windows IoT Core 2. Live SirepRAT

967 views • 74 slides
INFOSEC: TOdayS INvISIblE baTTlESpaCE CapT JErad SaylEr, USaF Chief of Offensive Cyber

INFOSEC: TOdayS INvISIblE baTTlESpaCE CapT JErad SaylEr, USaF Chief of Offensive Cyber

INFOSEC: TOdayS INvISIblE baTTlESpaCE CapT JErad SaylEr, USaF Chief of Offensive Cyber Operations Work at HQ Air Force Space Command Grew up in Beulah, ND Commissioned 2009 from UND ROTC program Computer Science Degree from

645 views • 18 slides
Reversing P25 Radio Scanners Let's beat a dead horse. Super Quick Presentation Founder of

Reversing P25 Radio Scanners Let's beat a dead horse. Super Quick Presentation Founder of

Reversing P25 Radio Scanners Let's beat a dead horse. Super Quick Presentation Founder of an obscurely named infosec company (see footer) founded at the end of 2011 infosec dev, pentests president, lead coder, chief janitor

405 views • 37 slides
A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b. Vulnerability Analysis c. Exploitation 2. Life Hack 3. A word to the wise history | grep -v infosec history | grep -v infosec How did I recareer into

697 views • 21 slides
Smart Grid IoT Security Kwaku Sarpong Manu About Me Computer Engineer Novice InfoSec researcher

Smart Grid IoT Security Kwaku Sarpong Manu About Me Computer Engineer Novice InfoSec researcher

Smart Grid IoT Security Kwaku Sarpong Manu About Me Computer Engineer Novice InfoSec researcher Signals Intelligence Cyanide and Happiness junkie Twitter: @_kwaku__ Electricity, Water and Gas What is Smart Grid IoT? Internet of things

764 views • 21 slides
iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA

iPanSec.com SOAPA Dashboard Smart InfoSec Automation Zero Trust Assurance Suite SOAPA Dashboard Integrated with Network Layer (PacketX , UPAS) Field WiFi /BLE /ZigBee Layer (ArcRan iSecMaster) Endpoint Layer (Comodo)

549 views • 13 slides
. IoT or Internet of {Things,Threats} Thomas (@nyx__o) Malware Researcher at ESET CTF lover

. IoT or Internet of {Things,Threats} Thomas (@nyx__o) Malware Researcher at ESET CTF lover

. IoT or Internet of {Things,Threats} Thomas (@nyx__o) Malware Researcher at ESET CTF lover Open source contributor Olivier (@obilodeau) Malware Researcher at ESET Infosec lecturer at ETS University in Montreal Previously infosec

1.25k views • 104 slides
InfoSec Cinema Rogue One: a Star Wars Story 26 th of April 2018 WELCOME! Important No fire

InfoSec Cinema Rogue One: a Star Wars Story 26 th of April 2018 WELCOME! Important No fire

InfoSec Cinema Rogue One: a Star Wars Story 26 th of April 2018 WELCOME! Important No fire alarms planned today Description of the activity Short description of the activity (this) Movie Screening Discussion Purpose of the

500 views • 33 slides
RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen sented ed b by: Francis Brown & Rob Ragan Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew

853 views • 57 slides
Infosec & counter-surveillance writing what powerful people don't want written means you have

Infosec & counter-surveillance writing what powerful people don't want written means you have

Infosec & counter-surveillance writing what powerful people don't want written means you have something to hide Arjen Kamphuis arjen@gendo.ch Have you been using: Have you been using: e-mail e-mail video or voice chat video or voice

511 views • 50 slides
InfoSec and Privacy Professional Development SAP Success Factors Learning Management System

InfoSec and Privacy Professional Development SAP Success Factors Learning Management System

InfoSec and Privacy Professional Development SAP Success Factors Learning Management System What a learning management system can do for you MySCLearning Agenda Overview of LMS Functionality Review purpose of the LMS Overview of

724 views • 48 slides
Storytelling & Designing Immersive Experiences Lecture 7 IML 499 Storytelling Why is

Storytelling & Designing Immersive Experiences Lecture 7 IML 499 Storytelling Why is

Storytelling & Designing Immersive Experiences Lecture 7 IML 499 Storytelling Why is storytelling important in UX? How does the concept of narrative work in digital product design? Why Good Storytelling Helps You Design Great

522 views • 17 slides
STORYTELLING STORYTELLING IS THE INTERACTIVE ART OF USING WORDS AND ACTIONS TO REVEAL THE

STORYTELLING STORYTELLING IS THE INTERACTIVE ART OF USING WORDS AND ACTIONS TO REVEAL THE

STORYTELLING STORYTELLING IS THE INTERACTIVE ART OF USING WORDS AND ACTIONS TO REVEAL THE ELEMENTS AND IMAGES OF A STORY WHILE ENCOURAGING THE LISTENERS IMAGINATION. STORYTELLING APPLICATIONS FIRST PERSON TRUE EXPERIENCE

224 views • 18 slides
Transmedia Storytelling Liz Ellis & Kristen Reid TRANSMEDIA STORYTELLING Plan for the

Transmedia Storytelling Liz Ellis & Kristen Reid TRANSMEDIA STORYTELLING Plan for the

Transmedia Storytelling Liz Ellis & Kristen Reid TRANSMEDIA STORYTELLING Plan for the session What is storytelling? Making a MOOC Table discussion & plenary Using assets to tell a story The Grande Narrative WHAT IS STORYTELLING?

281 views • 10 slides
G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure

G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure

G r o w i n g C o m p l e x i t y Source: Obregon, L. (2015). Secure architecture for industrial control systems. SANS Institute InfoSec Reading Room . Source:

739 views • 26 slides

More recommend