Lifestyle Hacking:

Social Networks and Gen Y Meet Security and Privacy
Moderator:
Gary McGraw, Cigital
Panelists:
Kim De Vries, Social Networking maven
Gillian Hayes, Assistant Professor of Informatics, UC Irvine
James Routh, Head of Global Application Security, JP Morgan Chase
Avi Rubin, Professor of Computer Science, Johns Hopkins University
Session ID: HOT-106
Session Classification: Intermediate
Introductions
• Kim De Vries
• Gillian Hayes
• Jim Routh
• Avi Rubin
• Gary McGraw
Pursuit of Productivity
The Players
Sandy from HR - Gillian
Howard the CISO - Avi
Benjamin the COO - Jim
Incident data trends
Employee Demographic Shift
• Average age of employee base: 31
• Average age of employees with < 3 years of service: 24
• The new generation grew up on the Internet
Pursuit of Productivity
The Players
Sandy from HR - Gillian
Dylan from Sales - Avi
Misha from Tech - Kim
Panel questions
• Do controls encourage breaking rules? Is hacking around controls a "gateway drug"?
• How do you define productivity?
• How do you balance maximum productivity against tools that do genuinely cause productivity loss?
• What is the motivation for 20-somethings to access various social networking sites?
• Is there a line between purely social interaction and professional interaction?
• Is there a parallel to the history of phones in the workplace?
So what?
• Social networking technologies often run counter to controls
• Security professionals must carefully consider the risks and benefits of these technologies
– Enable the business (don’t thwart it)
– Risk management tradeoffs are tricky but necessary
• If your answer is “no,” expect to be ignored