
Employee Hacking: The New Inside Job

Joseph Kummer, Terri Berry, Brad White

Presentation Transcript


  1. Employee Hacking: The New Inside Job
     Joseph Kummer, Terri Berry, Brad White

  2. Summary
     • 1. Specific instances of employee hacking and the consequences that resulted from them.
     • 2. How employees utilize their positions within an organization to obtain sensitive information, with a brief discussion of their various motivations for doing so.

  3. Summary
     • 3. Various methods and techniques for preventing employee hacking, and potential modifications to accounting laws and regulations relating to internal controls and IT security that would help ensure that businesses allocate sufficient resources to protecting sensitive information from their own employees.

  4. Specific Incidents
     • 1. Gucci America Inc.
     • 2. U.S. State Department
     • 3. Education Logistics
     • 4. Akimbo Systems (f/k/a Blue Falcon Networks)

  5. The How and Why
     • Extensive knowledge of the system and the company
     • Possess necessary access credentials
     • Understand the security systems in place and related control mechanisms and know how to avoid controls and detection
     • TRUST!!!

  6. • Intentionally cause damage to the company
     • Recklessly cause damage to the company
     • Personal financial gain
     • Sale of trade secrets
     • Sale of financial or other insider information
     • Sale of authorization/access codes and/or knowledge of the system

  7. Prevention
     • Promote information security as an organizational goal
     • Obtain top level support for making information security a priority
     • Implement proper access and authorization controls
     • Change access and authorization controls on a regularly scheduled basis
     • Monitor employee access records
     • Deprovision user access as appropriate

  8. Federal and state governments protect 3rd parties
     • Require implementation of security and confidentiality procedures and technology
     • Require strict access control policies, including deprovisioning policies
     • Require monitoring of employee access
     • Require reporting of unauthorized disclosures, access and/or breach
