Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Published byLeon Houston Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing Data Against Insider Threats Dr. John D. Johnson, CISSP."— Presentation transcript:

1 Managing Data Against Insider Threats Dr. John D. Johnson, CISSP

2 Insider Threat  The insider is anyone who has been authorized to access internal systems. They originate on internal systems or are permitted special access across the perimeter (i.e. remote access)  The insider threat is not new, however technology can allow greater access, at a distance, to sensitive data, with potentially less effort and less accountability  The threat exists for insiders to exploit their authorized access, attack or misuse information systems

3 Defining The Problem  Intentional: Economic or Malicious motivations  Hacking and Malware  Security Avoidance: Rules not aligned with business objectives  Mistakes: Insiders try to follow rules  Ignorance: Insiders don’t know rules

4 Economic Factors  Economic factors may motivate individuals to do things they otherwise wouldn’t do  The economy is just one example of external factors that may drive up incidents  The economy may reduce security budgets, which may lead to weakened security controls and measures  Companies that empower their employees and keep them informed may have fewer data breaches

5 Global, Legal & Cultural Factors  Many gaps in security practices are exposed when a company expands into new markets/countries  Data must be managed according to laws in the country in which it resides  Not all cultures have the same standards when dealing with intellectual property  The reality of how data is treated in different countries and by different cultures may necessitate new controls and measures

6 Data Breaches  According to the Verizon 2009 Data Breach Investigations Report, 285 million records were compromised in 2008.  All industries suffer from data breaches, although threat vectors may vary significantly  The growth of financial services companies, and advances in technology put larger sets of personal data at risk  Historical data shows external hacking, malware or theft (i.e. data tape or laptop) accounts for approximately 80% of data breaches, while the insider threat remains around 20%  In 2008, nearly all records were compromised from online sources  Approximately 30% of data breaches implicated business partners Source: Verizon 2009 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

7 Protecting The Data  Proactive vs. Reactive Responses  Learn from Past Incidents  Encryption  Access Controls & Monitoring  Segmentation  Education

8 Process Improvements  People  Pay attention to employee morale, work closely with HR  Provide security awareness & education that is targeted and measured  Processes  Implement processes for managing employee privileges as their role changes  Review rights quarterly or annually  Keep concise security policies updated and published for easy access

9 Technology  You can’t eliminate all risk, so you need to identify tools that will best address the insider threat based on past incidents at your company  Risk management helps identify where security dollars are best spent  Protecting data at rest and in motion is important, and this works best if you can identify the data you want to protect up front  Most tools exist to keep honest people honest

10 Survey of Tools  Data Loss Prevention  Identity Management  Centralized Security Logging/Reporting  Security Event Management  Web Authentication  Intrusion Detection/Prevention Systems  Network Access Controls  Encryption

11 The Security Budget  As the economy and other factors drive up the threat, the security budget needs to be maintained  Security dollars should be spent where they can have the greatest impact  Significant results can be had by starting with simple, low cost solutions that target “low-hanging fruit”  Remember the principle of security in-depth

12 Measuring Success  Develop consistent and meaningful metrics for measuring the efficacy of your security controls  Develop executive dashboards and favor tools that provide real-time access to data and reporting  Review security processes periodically to ensure they are achieving stated goals, as they legal, cultural and corporate requirements may change

13 Conclusion  While the insider threat has always existed, technology magnifies the problem  It is too late to react when a data breach makes your company front page news, be proactive  Detecting insider attacks requires layered solutions that leverage people, processes and tools  Don’t undervalue the impact of user education  The most expensive solution is not always the best solution!

Download ppt "Managing Data Against Insider Threats Dr. John D. Johnson, CISSP."

Similar presentations

© Peter Readings 2007 1 Data Leakage Pete Readings CISSP.

© Peter Readings Data Leakage Pete Readings CISSP.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Ethical, Social and Environmental Responsibilities Unit 3 June 20131Dr Vidya Kumar.

Ethical, Social and Environmental Responsibilities Unit 3 June 20131Dr Vidya Kumar.
CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.

CSI 2005 Computer Crime Survey Put together by J. Scott, 2006 Using Graphics and Text from the Published CSI/FBI 2005 Crime Survey.
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.

Secure Data Transmission James Matheke Information Security Architect Ohio Department of Job and Family Services.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Www.adira.org Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.

Philippe LE TERTRE IS Governance Consultant  Founder and managing partner of VADEGIS (company specialized in Information System Management.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Introduction to Network Defense

Introduction to Network Defense
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google