Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insider Threat Toronto 22 February 2006. w w w. e l y t r a. c o m Problem Statement  Insider Person that works inside an organization –Employees –Permanent.

Published byJulia Townsend Modified over 9 years ago

Similar presentations

Presentation on theme: "Insider Threat Toronto 22 February 2006. w w w. e l y t r a. c o m Problem Statement  Insider Person that works inside an organization –Employees –Permanent."— Presentation transcript:

1 Insider Threat Toronto 22 February 2006

2 w w w. e l y t r a. c o m Problem Statement  Insider Person that works inside an organization –Employees –Permanent –Temporary –Co-op –Contractors –Partners –Support Personnel

3 w w w. e l y t r a. c o m Problem Statement  The Threat There is a lot of evil PEOPLE out there and they all want to get us If they are out there we are OK Inside, Security for Real Dummies by Dilbert

4 w w w. e l y t r a. c o m The Reasonable Threat:People  Glory Seeker  Vendetta: Disgruntled Employees and Others  The Curious and the Incompetent  The Greedy  Management

5 w w w. e l y t r a. c o m The Carl Bond School of Management

6 w w w. e l y t r a. c o m Threat  Threats are meaningless until they are qualified as risks We know what the story is, why do we care? –Money –Time –Bandwidth –Image

7 w w w. e l y t r a. c o m Back to the Problem and the Solutions  Know the What and Why Know your assets –Network structure, its components –The geography of your organization –The nature of the Data and its value –Know the operational and processing needs –Know the your legal requirements (PIPEDA, SOX,….)

8 w w w. e l y t r a. c o m You Will Need to Succeed  Know your Governance structure and GET MANAGEMENT BUY-IN WHY –You will need their Money –You will need their Support and, –Most of all you will need somebody to wear the unpopular decisions

9 w w w. e l y t r a. c o m Now you are Ready for Action  Establish a Usage Policy and publish it  Start working on the basics while you attack your high risk areas Use your account management and networking tool to organize data access Insure logging and proper log review Introduce proper entry and departing processes for employees Insure that standard security measure are in place

10 w w w. e l y t r a. c o m Get more technical  Introduce data protection for traveling staff Encryption OTP token  Introduce end point controls (USB,FW, drives…)  If you have the money, deploy tracking and profiling tools

11 w w w. e l y t r a. c o m Be in the loop  Don’t let your MANAGEMENT leave you behind  Track the tricks of the trade

12 Elytra – Who Are We?

13 w w w. e l y t r a. c o m Access Authentication Removable Storage Devices Software EncryptionHard Drive Encryption Device Control & Auditing Change Auditing Intrusion Prevention Vulnerability Management Elytra Professional Services Law, Investigation & Ethics Network Security Cryptography Business Continuity Application Systems Development Access Control Operations Security Architecture Security Management Practices

14 w w w. e l y t r a. c o m Take the 1 st Step!!  Download the Safend Auditor at: http://www.safend.com/ Auditor performs a client-less scan of your selected domain and generates a report indicating what is connected today to the scanned PC(s) – or has been in the past! »Its Free!

15 Thanks You for Attending! Carl Bond carl.bond@elytra.comcarl.bond@elytra.com Paul Vaillant paul.vaillant@elytra.compaul.vaillant@elytra.com 613.746.0762

Download ppt "Insider Threat Toronto 22 February 2006. w w w. e l y t r a. c o m Problem Statement  Insider Person that works inside an organization –Employees –Permanent."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Department of Revenue Lessons for Management by Department of Revenue Internal Audit.

Department of Revenue Lessons for Management by Department of Revenue Internal Audit.
Security and Personnel

Security and Personnel
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”

PHYSICAL SECURITY Attacker. Physical Security Not all attacks on your organization's data come across the network. Many companies focus on an “iron-clad”
Security Controls – What Works

Security Controls – What Works
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.

August 9, 2005UCCSC Converting Policy to Reality Building Campus Security Programs Karl Heins -- Director of IT Audit Services Office of the University.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
IT Security Requirements

IT Security Requirements
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google