People Characteristics: A predictor of Cyber Security incidents?
-
Upload
hr-tech-world -
Category
Presentations & Public Speaking
-
view
1.919 -
download
3
Transcript of People Characteristics: A predictor of Cyber Security incidents?
Copyright of Shell International
HR Analytics Ana lyst
1
Peop le Character istics:A p red ictor of Cy ber Secur ity incidents?Ben Haw k esAssessment Lead, HR Analytics
25 October 2016Paris HR Tech World Congress
Vasil is Giagk oulas
Copyright of Shell International
DEFIN ITION S AN D CAUTION ARY N OTE
Reserves: Our use of the term “reserves” in this presenta tion means SEC proved oil and gas reserves.
Resources: Our use of the term “resources” in this presenta tion includes quantities of oil and gas not yet classified as SEC proved oil and gas reserves. Resources a re consistent with the Society of Petroleum Engineers 2P and 2C definitions.
Organic: Our use of the term Organic includes SEC proved oil and gas reserves excluding changes resulting from acquisitions, divestments and year-average pricing impact.
Resources plays: Our use of the term ‘resources plays’ refers to tight, sha le and coa l bed methane oil and gas acreage.
The companies in which Royal Dutch Shell plc directly and indirectly owns investments a re separa te entities. In this document “Shell”, “Shell group” and “Royal Dutch Shell” are sometimes used for convenience where references a re made to Royal
Dutch Shell plc and its subsidia ries in genera l. Likewise, the words “we”, “us” and “our” are a lso used to refer to subsidia ries in genera l or to those who work for them. These expressions a re a lso used where no useful purpose is served by
identifying the particula r company or companies. ‘‘Subsidia ries’’, “Shell subsidia ries” and “Shell companies” as used in this document refer to companies over which Royal Dutch Shell plc either directly or indirectly has control. Companies over
which Shell has joint control a re genera lly referred to as “joint ventures” and companies over which Shell has significant influence but neither control nor joint control a re referred to as “associa tes”. The term “Shell interest” is used for convenience
to indica te the direct and/ or indirect ownership interest held by Shell in a venture, partnership or company, a fter exclusion of a ll third-party interest.
This presenta tion conta ins forward-looking sta tements concerning the financia l condition, results of opera tions and businesses of Roya l Dutch Shell. All sta tements other than sta tements of historica l fact a re, or may be deemed to be, forward-
looking sta tements. Forward-looking sta tements a re sta tements of future expecta tions tha t a re based on management’s current expecta tions and assumptions and involve known and unknown risks and uncerta inties tha t could cause actua l results,
performance or events to differ materia lly from those expressed or implied in these sta tements. Forward-looking sta tements include, among other things, sta tements concerning the potentia l exposure of Royal Dutch Shell to market risks and
sta tements expressing management’s expecta tions, beliefs, estimates, forecasts, projections and assumptions. These forward-looking sta tements a re identified by their use of terms and phrases such as ‘‘anticipa te’’, ‘‘believe’’, ‘‘could’’, ‘‘estimate’’,
‘‘expect’’, ‘‘intend’’, ‘‘may’’, ‘‘plan’’, ‘‘objectives’’, ‘‘outlook’’, ‘‘probably’’, ‘‘project’’, ‘‘will’’, ‘‘seek’’, ‘‘ta rget’’, ‘‘risks’’, ‘‘goals’’, ‘‘should’’ and simila r terms and phrases. There a re a number of factors tha t could a ffect the future opera tions of Roya l
Dutch Shell and could cause those results to differ materia lly from those expressed in the forward-looking sta tements included in this presenta tion, including (without limita tion): (a ) price fluctua tions in crude oil and na tura l gas; (b) changes in
demand for Shell’s products; (c) currency fluctua tions; (d) drilling and production results; (e) reserves estimates; (f) loss of market share and industry competition; (g) environmenta l and physica l risks; (h) risks associa ted with the identifica tion of
suitable potentia l acquisition properties and ta rgets, and successful negotia tion and completion of such transactions; (i) the risk of doing business in developing countries and countries subject to interna tiona l sanctions; (j) legisla tive, fisca l and
regula tory developments including potentia l litiga tion and regula tory measures as a result of climate changes; (k) economic and financia l market conditions in various countries and regions; (l) politica l risks, including the risks of expropria tion and
renegotia tion of the terms of contracts with governmenta l entities, delays or advancements in the approva l of projects and delays in the reimbursement for shared costs; and (m) changes in trading conditions. All forward-looking sta tements
conta ined in this presenta tion a re expressly qua lified in their entirety by the cautionary sta tements conta ined or referred to in this section. Readers should not place undue reliance on forward-looking sta tements. Additiona l factors tha t may a ffect
future results a re conta ined in Royal Dutch Shell’s 20-F for the year ended 31 December, 2015 (ava ilable a t www.shell.com/ investor and www.sec.gov ). These factors a lso should be considered by the reader. Each forward-looking sta tement
speaks only as of the da te of this presenta tion, 25 October, 2016. Neither Royal Dutch Shell nor any of its subsidia ries undertake any obliga tion to publicly upda te or revise any forward-looking sta tement as a result of new information, future
events or other information. In light of these risks, results could differ materia lly from those sta ted, implied or inferred from the forward-looking sta tements conta ined in this presenta tion. There can be no assurance tha t dividend payments will
match or exceed those set out in this presenta tion in the future, or tha t they will be made a t a ll.
We use certa in terms in this presenta tion, such as discovery potentia l, tha t the United Sta tes Securities and Exchange Commission (SEC) guidelines strictly prohibit us from including in filings with the SEC. U.S. Investors a re urged to consider
closely the disclosure in our Form 20-F, File No 1-32575, ava ilable on the SEC website www.sec.gov. You can a lso obta in this form from the SEC by ca lling 1-800-SEC-0330.
25 October 2016 2Paris HR Tech World Congress
Copyright of Shell International
Cy ber Secur ity in Shell: Back ground
25 October 2016 3Paris HR Tech World Congress
Copyright of Shell International 25 October 2016 4Paris HR Tech World Congress
How do Peop le Character istics in f luence Cy ber Secur ity incidents?
Copyright of Shell International CONFIDENTIAL
Copyright of Shell International
Cy ber Secur ity in Shell: The landscape
% People Phished
25 October 2016 5Paris HR Tech World Congress
% People with Virus
1 2 3 4 5 or more# Virus0 1 2
Copyright of Shell International
Assessing the im pact of ind iv idua l character istics over Cy ber Secur ity :The case of Tenure in Shell.
0 5 10 15 20 25 30 35 40Tenure in Years
Phished Virus
25 October 2016 6Paris HR Tech World Congress
Copyright of Shell International
Assessing the im pact of ind iv idua l character istics over Cy ber Secur ity :The case of Sk il ls and Ty pe of Assignm ent.
Skill Set A Skill Set B Skill Set C Skill Set D6 October 2016 7Shell HR Analytics
Assignment Type 1 Assignment Type 2 Assignment Type 3
? ?
Copyright of Shell International 25 October 2016 8Paris HR Tech World Congress
How can a ll elem ents be com b ined to p red ict Cy ber Secur ity incidents?
Copyright of Shell International
𝐘𝐘 = 𝛂𝛂 � 𝐗𝐗𝟏𝟏 + 𝛃𝛃 � 𝐗𝐗𝟐𝟐 + 𝛄𝛄 � 𝐗𝐗𝟑𝟑 + ⋯+ 𝐗𝐗1:𝐗𝐗2 + 𝐗𝐗1:𝐗𝐗𝟓𝟓 + ⋯+ 𝛆𝛆
HR Ana ly tics: Pred icting Cy ber Secur ity incidents using trad it iona l sta tistics
25 October 2016 9Paris HR Tech World Congress
Cyber Behavior
Age
Tenure
Potential
Interaction: Age-Tenure
Interaction: Age-Potential
Cybe
r Beh
avio
r
Copyright of Shell International
HR Ana ly tics: Pred icting Cy ber Secur ity incidents using Random Forests
25 October 2016 10Paris HR Tech World Congress
Age
BusinessHost
Phished Age Tenure Nationality
Phished Gender Base Host
PhishedSkillset Hierarchy Potential Phished
SkillsetAgeAge
Gender
GenderNationality Nationality HierarchyBusiness Phished
Gender
Phished
Skillset
Copyright of Shell International
HR Ana ly tics: Pred icting Cy ber Secur ity incidents using Random Forests
25 October 2016 11Paris HR Tech World Congress
Host
AgePhished Gender Base
Tenure NationalityBusiness Skillset
Age
Skillset Host
Copyright of Shell International 25 October 2016 12Paris HR Tech World Congress
By ta rgeting less than 30% of the em p loy ees, w e successfully cover m ore than 50% of potentia l Cy ber Secur ity incidents.
Copyright of Shell International
Case Study : Dep loy ing a ta rgeted aw areness cam pa ign to those m ost l ik ely to dem onstra te a h igh r isk cy ber behav ior
25 October 2016 13Paris HR Tech World Congress
53%
84%
47%
16%
57%
As Is Targeted group Future State
Targeted
Incident
No Incident
Copyright of Shell International 25 October 2016 14Paris HR Tech World Congress
Reduced enterp r ise r isk Increased p roductiv ity Increased ef f iciency of
aw areness cam pa igns