Download presentation
Presentation is loading. Please wait.
Published byTurner Vardell Modified over 10 years ago
2
© Peter Readings 2007 1 Data Leakage Pete Readings CISSP
3
© Peter Readings 20072 DATA LEAKAGE – WHAT IS IT? Leakage describes an unwanted loss of something which escapes from its proper location 1 Or, in information asset terms, the compromise of confidentiality or availability of data (electronic or hardcopy) 1 WWW.WIKIPEDIA.ORG
4
© Peter Readings 20073 DATA LEAKAGE – WHY DOES IT HAPPEN? Malicious/Intentional Variety of motives Intellectual Property theft Identity theft Revenge Internal/External Can be difficult to prevent or detect “Copy” v. “Move” Accidental Carelessness Thoughtlessness Ignorance Secondary effect of other event
5
© Peter Readings 20074 DATA LEAKAGE – HOW DOES IT HAPPEN? Where do we start? Shoulder surfing Email Instant Messenger PDA BlackBerry Mobile phone Portable media Digital camera Keylogging Eavesdropping Social engineering Malware P2P sharing Dumpster diving Computer disposal Backup tapes Intrusion Password compromise Weak technical security Inadequate privilege management And so on and on and on Depressed yet?
6
© Peter Readings 20075 DATA LEAKAGE – WHY DO WE CARE? Loss of competitive advantage Reputational damage Civil liability Legal exposure Regulatory action Those firewalls cost money
7
© Peter Readings 20076 DATA LEAKAGE – WHEN IT HAPPENS… Incident triage Assess impact Single incident/ongoing Determine appropriate action Assess likelihood of repetition Mitigate impact Identification of source Communication Affected parties Regulatory bodies Law Enforcement Prevention Change passwords Suspend accounts Detection Enable logging Review logs Prevent recurrence Reinforce policies Enhance controls
8
© Peter Readings 20077 DATA LEAKAGE – IT’S A PROBLEM A quarter of businesses have had IP or confidential proprietary information stolen in the last 12 months. Source: 2005 E-Crime Watch Survey
9
© Peter Readings 20078 DATA LEAKAGE – WHAT CAN DO WE DO ABOUT IT? People Awareness Responsibility and accountability – and ownership Policy Data classification is fundamental! Data retention Clear guidance on protecting sensitive data Risk based – evolving with emerging threats Privileged access Process Consistent Understood Performing Handling of media Incident reporting Incident response & management Technology Encryption Storage and transmission Biometrics Remote “kill” Data cleansing Incident detection – what’s permeating through the perimeter?
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.