
People, Process and Technology




  1. People, Process and Technology Andy Papadopoulos

  2. Fighting Fraud
     • Go after low-hanging fruit
       – start with the most sensitive data and the areas where they are vulnerable
       – then work outwards
     • Leverage existing investments in Microsoft technologies
     • Implement Scorecards and Monitoring

  3. Today’s Information Challenge
     • More than 80% of an enterprise's digitized information resides on individual hard drives and in personal files, and 80% of the data is unstructured, neither secure nor backed up.
     • Employees get 50%-75% of their relevant information directly from other people.
     • Individuals hold the key to the knowledge economy, and most of it is lost when they leave the enterprise.
     Source: Gartner Group/CIBC World Markets

  4. • Availability: Maximize functionality and uptime
     • Integrity: Ensure accuracy of data and data processing
     • Confidentiality: Ensure privacy of user information and transmission
     • Trust: Confidence to transact

  5. Workplace E-mail Stats
     Christina Cavanagh, Professor, Richard Ivey School of Business

  6. Keeping it Confidential
     • Don’t add layers … users won’t use them
     • Take advantage of tools already in place, with the interfaces users are already used to
     • Information Rights Management

  7. Common ‘problems’ with data
     • Common agreed definitions (shared context) lacking
     • Inconsistent definitions across applications
     • Manual transformations and analysis
     • Manual Audit Trails
     • Poor Data Quality
     • Poor Connectivity from applications to resources
     • One Way Data Traffic (errors not corrected at the source)

  8. What does FINE mean?
     • “Don’t worry, everything is Fine”
     • How do I get the validation I need?
     • Make use of dashboards and scorecards

  9. Service Level Reporting

  10. The Identity Lifecycle
     • New User
       – User ID Creation
       – Credential Issuance
       – Access Rights
     • Account Changes
       – Promotions
       – Transfers
       – New Privileges
       – Attribute Changes
     • Password Mgmt
       – Strong Passwords
       – “Lost” Password
       – Password Reset
     • Retire User
       – Delete/Freeze Accounts
       – Delete/Freeze Entitlements

  11. Identity Business Impact
     • 24% lower productivity
       – End user spends 16 minutes a day logging in to various systems
       – Provisioning new users takes 28 hours longer than business requirements
     • Increased IT Operational Costs
       – Roughly 48% of help desk calls are password resets ($45-$153 each)
       – User management consumes 5.25% of all IT productivity
       – Most admin tasks (moves, adds, changes) take 10x longer than necessary
     • 23% additional security risks
       – Only 70% of users deleted on departure
       – New users provisioned to 16 apps, on departure deleted from 10
     • A survey of over 600 organizations concluded that the average cost impact of security breaches on each organization alone is over $972K*
     Source: Metagroup/PwC Survey 2002, * CSI/FBI Survey

  12. It’s a Virtual World …
     • The fine balance between keeping safe and allowing employees to do their jobs
     • Workforce is mobile
     • Laptops are everywhere

  13. Mobile Workforce: Why We Need Quarantine

  14. Internet and PC Usage Policy
     • “I didn’t know I couldn’t sell stuff on eBay 4 hours a day ….”
     • Put it in writing, keep it current, make it part of your HR process.

  15. Microsoft Best Practice Tools
     • Microsoft Baseline Security Analyzer
     • Exchange Best Practice Analyzer
     • SQL Best Practice Analyzer
     • Validates that your installation and configuration are done to best practice guidelines

  16. Microsoft Security Assessment Tool
     • Free tool to drive security awareness around people, process and technology
     • Download from: www.securityguidance.com

  17. A Layered Approach to Compliance
     Layers: Legislation, Policies, Procedures, Physical Controls, Application Features, Inherent System Capabilities
     • Engages the entire business for success
     • Allows for the allocation of controls outside of IT

  18. A Layered Approach to Security
     • Policies, Procedures, & Awareness: Documented process and user education!
     • Physical Security: Guards, locks, tracking devices
     • Perimeter: Firewalls, VPN quarantine
     • Internal Network: Network segments, isolation
     • Desktop and Servers: OS hardening, patch management, authentication
     • Applications: Application hardening, antivirus
     • Data: Access controls, data encryption

  19. Discovery Session Offer
     • 1-2 day offer from Office Systems Team
     • Makes use of scorecards and collaboration
     • Show you how you can use tools to better communicate/collaborate/share
     • Show accountability to stakeholders
     Contact: andy@legendcorp.com

  20. Summary
     • Leverage investments already made with Microsoft Technology
     • Make use of scorecards and monitoring systems to ensure things really are FINE
