THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727.

Slides:

Advertisements

Similar presentations

14 September Digital Investigations With the proliferation of devices, do organisations really know where their most sensitive data is held? Companies.

Advertisements

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

Springfield Technical Community College Security Awareness Training.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.

Security for Today’s Threat Landscape Kat Pelak 1.

© Carnegie Mellon University The CERT Insider Threat Center.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Information Warfare Theory of Information Warfare

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

Comprehensive DLP Solutions in Large Geographically Dispersed Companies.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.

Market Trends Enterprise Web Applications Cloud Computing SaaS Applications BYOD Data Compliance Regulations 30 Second Elevator Pitch Web browsers have.

Outline  Company Profile  Services Provided  Assets  System Schema  Risk Categories  Technical Risks and Mitigation  Summary.

** Deckplate training for Navy Sailors **.  On Thursday, 9 July, the Office of Personnel Management (OPM) announced a cyber incident exposed the federal.

General Awareness Training

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Protection from internal threats: Evolution of DLP or Who sets trends.

INTELLECTUAL PROPERTY TRADE SECRETS COPYRIGHTS PATENTS.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

AtomPark Software is founded in The head office is located in Saint-Petersburg, Russia. Company is officially registered in the United States. AtomPark.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Information Warfare Playgrounds to Battlegrounds.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

The Changing World of Endpoint Protection

Information Warfare Midterm Overview. Lectures Covered Everything until (including) March 2 nd Reading: – All lecture slides – Denning book: Chapters.

Top Threats WG Co-Chair Jon-Michael Brook. Agenda About our Top Threats Polling the industry Call for participation Categorizing our Top Threats.

Ali Alhamdan, PhD National Information Center Ministry of Interior

Prepared by Dept. of Information Technology & Telecommunications, November 19, 2015 Application Security Business Risk and Data Protection Gregory Neuhaus.

NON-COMPULSORY BRIEFING SESSION REQUEST FOR INFORMATION: ICT SECURITY SOLUTIONS RAF /2015/00019 Date: 29 September 2015 Time: 10:00.

Sample only Order at Security Awareness Training A threat awareness briefing. A defensive security briefing. An overview of the.

Creating an Insider Threat Program.

Unclassified/FOUO Intelligence Community Directive (ICD) 119 Media Contacts Training.

Falcongaze SecureTower: field experience

Information Warfare Playgrounds to Battlegrounds.

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Safe’n’Sec IT security solutions for enterprises of any size.

Identity Awareness and Data Loss Prevention Effective DLP David Miller Sr. Director, Security Products October 15, 2009.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

Your data, protected and under control wherever they go SealPath Enterprise – IRM

By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access.

INSIDER THREATS BY: DENZEL GAY COSC 356. ROAD MAP What makes the insider threat important Types of Threats Logic bombs Ways to prevent.

Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance.

Advanced Endpoint Security Data Connectors-Charlotte January 2016

Deployment Planning Services

Understanding DATA LOSS PREVENTION

NON-COMPULSORY BRIEFING SESSION REQUEST FOR INFORMATION: ICT SECURITY SOLUTIONS RAF /2015/00019 Date: 29 September 2015 Time: 10:00.

INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.

Forensics Week 11.

IS4550 Security Policies and Implementation Unit 5 User Policies

Cyber Trends and Market Update

Case Study 1: Security Considerations

DATA LOSS PREVENTION Mr. Collins Oduor.

Detecting Insider Threats: Actions Speak Louder than Words

HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.

Anuj Dube Jimmy Lambert Michael McClendon

Presentation transcript:

THE INSIDER THREAT AND DATA LOSS PREVENTION CSCE 727

Agenda  Background  The Insider Threat  Examples in the news  Data Loss Prevention  Questions

The Insider Threat  An Insider Threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

The Insider Threat – Example 1  Steven Medlock was a disbursement specialist for the State Department’s Global Financial Services Center, which handles worldwide billings and other transactions for the agency.  The U.S. Attorney’s Office said he created a sham company that submitted fake invoices to collect about $58,700 in currency-exchange fees from September 2011 to April He also forged an unidentified person’s name on payment vouchers as part of the embezzlement, prosecutors said.  A Charleston judge has sentenced a former U.S. State Department employee to probation and home detention for embezzling almost $59,000 from the federal government

The Insider Threat – Example 2  Pfc. Bradley Manning - Enlisted intelligence analyst with privileged access.  Downloaded classified files from military networks and leaked them to the anti-secrecy website WikiLeaks.  Host-Based Security System was not installed to detect or prevent the removal of the classified files  Dishonorably discharged from the Army, sentenced to 35 years in prison of violations of the Espionage Act and other offenses.  Now known as Chelsea Elizabeth Manning.

Data Loss Prevention  Data loss prevention solution is a system that is designed to detect potential data breach / data ex- filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use, in- motion, and at-rest. In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake.  Such sensitive data can come in the form of private or company information, intellectual property, financial or patient information, credit-card data, and other information depending on the business and the industry.

Graphical demonstration of how data leaves a network

The Insider Threat, Data Loss Prevention, and Information Warfare.  IW – The use and management of information technology in pursuit of a competitive advantage over an opponent.  Discover confidential data wherever it is stored and identifies data owners.  Monitor how data is being used and where it is going to provide visibility into broken business process and high-risk users.  Protect confidential data by automatically enforcing data loss policies; educating users about data security; securing exposed data; and stopping data leaks.  Manage data loss policies, incident remediation, and risk reporting.  Goals of deploying DLP to monitor Insiders is to Discover, Monitor, and Protect.

Questions?