Published by Turner Vardell
Modified over 4 years ago
Data Leakage
Pete Readings CISSP
© Peter Readings 2007

DATA LEAKAGE – WHAT IS IT?
- Leakage describes an unwanted loss of something which escapes from its proper location [1]
- Or, in information asset terms, the compromise of confidentiality or availability of data (electronic or hardcopy)
[1] WWW.WIKIPEDIA.ORG

DATA LEAKAGE – WHY DOES IT HAPPEN?
- Malicious/Intentional
  - Variety of motives
    - Intellectual Property theft
    - Identity theft
    - Revenge
  - Internal/External
  - Can be difficult to prevent or detect
  - “Copy” v. “Move”
- Accidental
  - Carelessness
  - Thoughtlessness
  - Ignorance
  - Secondary effect of other event

DATA LEAKAGE – HOW DOES IT HAPPEN?
Where do we start?
- Shoulder surfing
- Email
- Instant Messenger
- PDA
- BlackBerry
- Mobile phone
- Portable media
- Digital camera
- Keylogging
- Eavesdropping
- Social engineering
- Malware
- P2P sharing
- Dumpster diving
- Computer disposal
- Backup tapes
- Intrusion
- Password compromise
- Weak technical security
- Inadequate privilege management
- And so on and on and on
Depressed yet?

DATA LEAKAGE – WHY DO WE CARE?
- Loss of competitive advantage
- Reputational damage
- Civil liability
- Legal exposure
- Regulatory action
- Those firewalls cost money

DATA LEAKAGE – WHEN IT HAPPENS…
- Incident triage
  - Assess impact
  - Single incident/ongoing
  - Determine appropriate action
  - Assess likelihood of repetition
- Mitigate impact
  - Identification of source
  - Communication
    - Affected parties
    - Regulatory bodies
    - Law Enforcement
  - Prevention
    - Change passwords
    - Suspend accounts
  - Detection
    - Enable logging
    - Review logs
- Prevent recurrence
  - Reinforce policies
  - Enhance controls

DATA LEAKAGE – IT’S A PROBLEM
A quarter of businesses have had IP or confidential proprietary information stolen in the last 12 months.
Source: 2005 E-Crime Watch Survey

DATA LEAKAGE – WHAT CAN WE DO ABOUT IT?
- People
  - Awareness
  - Responsibility and accountability – and ownership
- Policy
  - Data classification is fundamental!
  - Data retention
  - Clear guidance on protecting sensitive data
  - Risk based – evolving with emerging threats
  - Privileged access
- Process
  - Consistent
  - Understood
  - Performing
  - Handling of media
  - Incident reporting
  - Incident response & management
- Technology
  - Encryption
    - Storage and transmission
  - Biometrics
  - Remote “kill”
  - Data cleansing
  - Incident detection – what’s permeating through the perimeter?