Managing Data Against Insider Threats

Managing Data Against Insider Threats. Dr. John D. Johnson, CISSP. Insider Threat. The insider is anyone who has been authorized to access internal systems. They originate on internal systems or are permitted special access across the perimeter (i.e. remote access)


Presentation Transcript


  1. Managing Data Against Insider Threats
     Dr. John D. Johnson, CISSP

  2. Insider Threat
     • The insider is anyone who has been authorized to access internal systems. They originate on internal systems or are permitted special access across the perimeter (i.e. remote access)
     • The insider threat is not new; however, technology can allow greater access, at a distance, to sensitive data, with potentially less effort and less accountability
     • The threat exists for insiders to exploit their authorized access, attack or misuse information systems

  3. Defining The Problem
     • Intentional: Economic or Malicious motivations
     • Hacking and Malware
     • Security Avoidance: Rules not aligned with business objectives
     • Mistakes: Insiders try to follow rules
     • Ignorance: Insiders don’t know rules

  4. Economic Factors
     • Economic factors may motivate individuals to do things they otherwise wouldn’t do
     • The economy is just one example of external factors that may drive up incidents
     • The economy may reduce security budgets, which may lead to weakened security controls and measures
     • Companies that empower their employees and keep them informed may have fewer data breaches

  5. Global, Legal & Cultural Factors
     • Many gaps in security practices are exposed when a company expands into new markets/countries
     • Data must be managed according to laws in the country in which it resides
     • Not all cultures have the same standards when dealing with intellectual property
     • The reality of how data is treated in different countries and by different cultures may necessitate new controls and measures

  6. Data Breaches
     • According to the Verizon 2009 Data Breach Investigations Report, 285 million records were compromised in 2008.
     • All industries suffer from data breaches, although threat vectors may vary significantly
     • The growth of financial services companies and advances in technology put larger sets of personal data at risk
     • Historical data shows external hacking, malware or theft (i.e. data tape or laptop) accounts for approximately 80% of data breaches, while the insider threat remains around 20%
     • In 2008, nearly all records were compromised from online sources
     • Approximately 30% of data breaches implicated business partners
     Source: Verizon 2009 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

  7. Protecting The Data
     • Proactive vs. Reactive Responses
     • Learn from Past Incidents
     • Encryption
     • Access Controls & Monitoring
     • Segmentation
     • Education

  8. Process Improvements
     • People
         • Pay attention to employee morale, work closely with HR
         • Provide security awareness & education that is targeted and measured
     • Processes
         • Implement processes for managing employee privileges as their role changes
         • Review rights quarterly or annually
         • Keep concise security policies updated and published for easy access

  9. Technology
     • You can’t eliminate all risk, so you need to identify tools that will best address the insider threat based on past incidents at your company
     • Risk management helps identify where security dollars are best spent
     • Protecting data at rest and in motion is important, and this works best if you can identify the data you want to protect up front
     • Most tools exist to keep honest people honest

  10. Survey of Tools
     • Data Loss Prevention
     • Identity Management
     • Centralized Security Logging/Reporting
     • Security Event Management
     • Web Authentication
     • Intrusion Detection/Prevention Systems
     • Network Access Controls
     • Encryption

  11. The Security Budget
     • As the economy and other factors drive up the threat, the security budget needs to be maintained
     • Security dollars should be spent where they can have the greatest impact
     • Significant results can be had by starting with simple, low-cost solutions that target “low-hanging fruit”
     • Remember the principle of security in depth

  12. Measuring Success
     • Develop consistent and meaningful metrics for measuring the efficacy of your security controls
     • Develop executive dashboards and favor tools that provide real-time access to data and reporting
     • Review security processes periodically to ensure they are achieving stated goals, as legal, cultural and corporate requirements may change

  13. Conclusion
     • While the insider threat has always existed, technology magnifies the problem
     • It is too late to react when a data breach makes your company front page news; be proactive
     • Detecting insider attacks requires layered solutions that leverage people, processes and tools
     • Don’t undervalue the impact of user education
     • The most expensive solution is not always the best solution!
