Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh...
Transcript of Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh...
![Page 1: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/1.jpg)
Design Thinking in ICT security
Delivering business value
from a fresh approach
![Page 2: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/2.jpg)
Difficulties for security Afterthought
Fixing a problem, not
designing a feature
Overhead, Hindrance,
Inconvenience
Jarring for users
Not part of product
design
Can Design Thinking
help?
![Page 3: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/3.jpg)
What is design thinking?
‘the collaborative process by which the
designer’s sensibilities and methods are
employed to match people’s needs with
what is technically feasible and a
viable business strategy.’ – Tim Brown
Ideo.
Reliability Intuition
Design
Thinking
Science Art
![Page 4: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/4.jpg)
Build rapid prototypes
of ideas, focused on a
particular area.
‘Lo-fidelity’ to show
potential - not
problems.
Design thinking approach
Gain basic knowledge
to ask the right
questions.
Empathy with target
users. Watch what
they do, not what
they say. Ask “why?”
Develop a point of
view statement.
User + need + insight
Based on POV,
generate as many
ideas as possible.
Take findings from
prototypes back to
assumptions and
validate.
http://www.slideshare.net/mikeyk/intro-to-design-thinking
Understand Observe Synthesise Ideate Prototype Iterate
Inspiration Ideation Implementation
![Page 5: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/5.jpg)
Design thinking works
http://ns-design.com/sherwinwilliams.php
![Page 6: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/6.jpg)
Education Insight
http://moraveji.org/projects_med.html
User
+
Need
+
Insight
![Page 7: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/7.jpg)
Can Design
Thinking be
applied to ICT
security?
Hint – the traffic cop
approach is not the
best answer...
![Page 8: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/8.jpg)
Consumer
Choice
Employee
Rule (ouch)
![Page 9: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/9.jpg)
Tactical
security models
hurt users
Benefits are
invisible
Security as
strategy?
![Page 10: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/10.jpg)
Behaviour on unseen risks
http://www.youtube.com/watch?v=h-8PBx7isoM
![Page 11: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/11.jpg)
ANZ Security
http://www.youtube.com/watch?v=Fqr7-9dT17E
![Page 12: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/12.jpg)
Checkin security
User
+
Need
+
Insight
![Page 13: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/13.jpg)
Conditions for design thinking
• Needs different kind of
leadership
– Promote exploitation and
exploration
– Move away from reliability and
onto validity
• If you’re not the CEO
– Become a design champion
– Stance, tools, experiences
![Page 14: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/14.jpg)
How can You become a
design thinker? • Stance
– Step away from reliability model
– Priority on seeking validity and
advances in knowledge
• Tools
– Noticing, analysing, synthesising
• Experiences
– Mastery of local domain
– Continuous improvement
– External models which can help
![Page 15: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/15.jpg)
Flow Stance - who am
I and what am I
trying to achieve?
Tools – what do I use to
organise my thinking
and understand the
world?
Experiences – what
can I use to build
my selection of
sensitivities and
skill?
Guide
Inform
Guide
Inform
![Page 16: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/16.jpg)
Takeaways
• Design thinking promotes
divergent approaches in business
• Involves thinkers from across the
business
• Creates conditions for revolution,
gets out of evolution.
• Security needs to play in the
business to get the benefits
• Security projects become change
projects too!
![Page 17: Design Thinking in ICT security - Business Aspect · Delivering business value from a fresh approach. Difficulties for security Afterthought Fixing a problem, not designing a feature](https://reader033.fdocuments.us/reader033/viewer/2022051909/5ffd168ef3d9801575127564/html5/thumbnails/17.jpg)
Some reading