Published by Turner Vardell
Modified over 2 years ago
© Peter Readings 2007

Data Leakage
Pete Readings CISSP

DATA LEAKAGE – WHAT IS IT?

Leakage describes an unwanted loss of something which escapes from its proper location [1]

Or, in information asset terms, the compromise of confidentiality or availability of data (electronic or hardcopy)

[1] WWW.WIKIPEDIA.ORG

DATA LEAKAGE – WHY DOES IT HAPPEN?

- Malicious/Intentional
  - Variety of motives
    - Intellectual Property theft
    - Identity theft
    - Revenge
  - Internal/External
  - Can be difficult to prevent or detect
  - “Copy” v. “Move”
- Accidental
  - Carelessness
  - Thoughtlessness
  - Ignorance
  - Secondary effect of other event

DATA LEAKAGE – HOW DOES IT HAPPEN?

Where do we start?

- Shoulder surfing
- Email
- Instant Messenger
- PDA
- BlackBerry
- Mobile phone
- Portable media
- Digital camera
- Keylogging
- Eavesdropping
- Social engineering
- Malware
- P2P sharing
- Dumpster diving
- Computer disposal
- Backup tapes
- Intrusion
- Password compromise
- Weak technical security
- Inadequate privilege management
- And so on and on and on

Depressed yet?

DATA LEAKAGE – WHY DO WE CARE?

- Loss of competitive advantage
- Reputational damage
- Civil liability
- Legal exposure
- Regulatory action
- Those firewalls cost money

DATA LEAKAGE – WHEN IT HAPPENS…

- Incident triage
  - Assess impact
  - Single incident/ongoing
  - Determine appropriate action
  - Assess likelihood of repetition
- Mitigate impact
  - Identification of source
  - Communication
    - Affected parties
    - Regulatory bodies
    - Law Enforcement
  - Prevention
    - Change passwords
    - Suspend accounts
  - Detection
    - Enable logging
    - Review logs
- Prevent recurrence
  - Reinforce policies
  - Enhance controls

DATA LEAKAGE – IT’S A PROBLEM

A quarter of businesses have had IP or confidential proprietary information stolen in the last 12 months.

Source: 2005 E-Crime Watch Survey

DATA LEAKAGE – WHAT CAN WE DO ABOUT IT?

- People
  - Awareness
  - Responsibility and accountability – and ownership
- Policy
  - Data classification is fundamental!
  - Data retention
  - Clear guidance on protecting sensitive data
  - Risk based – evolving with emerging threats
  - Privileged access
- Process
  - Consistent
  - Understood
  - Performing
  - Handling of media
  - Incident reporting
  - Incident response & management
- Technology
  - Encryption
    - Storage and transmission
  - Biometrics
  - Remote “kill”
  - Data cleansing
  - Incident detection – what’s permeating through the perimeter?