© Peter Readings 2007 1 Data Leakage Pete Readings CISSP.

2 Data Leakage, Pete Readings CISSP

3 DATA LEAKAGE – WHAT IS IT?

Leakage describes an unwanted loss of something which escapes from its proper location [1]

Or, in information asset terms, the compromise of confidentiality or availability of data (electronic or hardcopy) [1]

4 DATA LEAKAGE – WHY DOES IT HAPPEN?

- Malicious/Intentional
  - Variety of motives
    - Intellectual Property theft
    - Identity theft
    - Revenge
  - Internal/External
  - Can be difficult to prevent or detect
  - “Copy” v. “Move”
- Accidental
  - Carelessness
  - Thoughtlessness
  - Ignorance
  - Secondary effect of other event

5 DATA LEAKAGE – HOW DOES IT HAPPEN?

Where do we start?

- Shoulder surfing
- Instant Messenger
- PDA
- BlackBerry
- Mobile phone
- Portable media
- Digital camera
- Keylogging
- Eavesdropping
- Social engineering
- Malware
- P2P sharing
- Dumpster diving
- Computer disposal
- Backup tapes
- Intrusion
- Password compromise
- Weak technical security
- Inadequate privilege management
- And so on and on and on

Depressed yet?

6 DATA LEAKAGE – WHY DO WE CARE?

- Loss of competitive advantage
- Reputational damage
- Civil liability
- Legal exposure
- Regulatory action
- Those firewalls cost money

7 DATA LEAKAGE – WHEN IT HAPPENS…

- Incident triage
  - Assess impact
  - Single incident/ongoing
  - Determine appropriate action
  - Assess likelihood of repetition
- Mitigate impact
- Identification of source
- Communication
  - Affected parties
  - Regulatory bodies
  - Law Enforcement
- Prevention
  - Change passwords
  - Suspend accounts
- Detection
  - Enable logging
  - Review logs
- Prevent recurrence
  - Reinforce policies
  - Enhance controls

8 DATA LEAKAGE – IT’S A PROBLEM

A quarter of businesses have had IP or confidential proprietary information stolen in the last 12 months.

Source: 2005 E-Crime Watch Survey

9 DATA LEAKAGE – WHAT CAN WE DO ABOUT IT?

- People
  - Awareness
  - Responsibility and accountability – and ownership
- Policy
  - Data classification is fundamental!
  - Data retention
  - Clear guidance on protecting sensitive data
  - Risk based – evolving with emerging threats
  - Privileged access
- Process
  - Consistent
  - Understood
  - Performing
  - Handling of media
  - Incident reporting
  - Incident response & management
- Technology
  - Encryption
    - Storage and transmission
  - Biometrics
  - Remote “kill”
  - Data cleansing
  - Incident detection – what’s permeating through the perimeter?

