Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.


Insider Threat
- The insider is anyone who has been authorized to access internal systems. They originate on internal systems or are permitted special access across the perimeter (i.e. remote access)
- The insider threat is not new; however, technology can allow greater access, at a distance, to sensitive data, with potentially less effort and less accountability
- The threat exists for insiders to exploit their authorized access, attack or misuse information systems

Defining The Problem
- Intentional: Economic or Malicious motivations
- Hacking and Malware
- Security Avoidance: Rules not aligned with business objectives
- Mistakes: Insiders try to follow rules
- Ignorance: Insiders don't know rules

Economic Factors
- Economic factors may motivate individuals to do things they otherwise wouldn't do
- The economy is just one example of external factors that may drive up incidents
- The economy may reduce security budgets, which may lead to weakened security controls and measures
- Companies that empower their employees and keep them informed may have fewer data breaches

Global, Legal & Cultural Factors
- Many gaps in security practices are exposed when a company expands into new markets/countries
- Data must be managed according to laws in the country in which it resides
- Not all cultures have the same standards when dealing with intellectual property
- The reality of how data is treated in different countries and by different cultures may necessitate new controls and measures

Data Breaches
- According to the Verizon 2009 Data Breach Investigations Report, 285 million records were compromised in
- All industries suffer from data breaches, although threat vectors may vary significantly
- The growth of financial services companies, and advances in technology put larger sets of personal data at risk
- Historical data shows external hacking, malware or theft (i.e. data tape or laptop) accounts for approximately 80% of data breaches, while the insider threat remains around 20%
- In 2008, nearly all records were compromised from online sources
- Approximately 30% of data breaches implicated business partners

Source: Verizon 2009 Data Breach Investigations Report,

Protecting The Data
- Proactive vs. Reactive Responses
- Learn from Past Incidents
- Encryption
- Access Controls & Monitoring
- Segmentation
- Education

Process Improvements
- People
  - Pay attention to employee morale, work closely with HR
  - Provide security awareness & education that is targeted and measured
- Processes
  - Implement processes for managing employee privileges as their role changes
  - Review rights quarterly or annually
  - Keep concise security policies updated and published for easy access

Technology
- You can't eliminate all risk, so you need to identify tools that will best address the insider threat based on past incidents at your company
- Risk management helps identify where security dollars are best spent
- Protecting data at rest and in motion is important, and this works best if you can identify the data you want to protect up front
- Most tools exist to keep honest people honest

Survey of Tools
- Data Loss Prevention
- Identity Management
- Centralized Security Logging/Reporting
- Security Event Management
- Web Authentication
- Intrusion Detection/Prevention Systems
- Network Access Controls
- Encryption

The Security Budget
- As the economy and other factors drive up the threat, the security budget needs to be maintained
- Security dollars should be spent where they can have the greatest impact
- Significant results can be had by starting with simple, low cost solutions that target "low-hanging fruit"
- Remember the principle of security in-depth

Measuring Success
- Develop consistent and meaningful metrics for measuring the efficacy of your security controls
- Develop executive dashboards and favor tools that provide real-time access to data and reporting
- Review security processes periodically to ensure they are achieving stated goals, as legal, cultural and corporate requirements may change

Conclusion
- While the insider threat has always existed, technology magnifies the problem
- It is too late to react when a data breach makes your company front page news; be proactive
- Detecting insider attacks requires layered solutions that leverage people, processes and tools
- Don't undervalue the impact of user education
- The most expensive solution is not always the best solution!