1 / 19

Internal Risk s and threats

Internal Risk s and threats. Security Breaches Hackers vs Insiders. 2005 survey done by the U.S. Secret Service in conjunction with CERT

boris-walter
Download Presentation

Internal Risk s and threats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Risks and threats

  2. Security Breaches Hackers vs Insiders 2005 survey done by the U.S. Secret Service in conjunction with CERT The survey shows that of the insiders who cause security breaches, 59 percent were former employees or former contractors. Of those, 48 percent had been fired, 38 percent had resigned and 7 percent had been laid off. Witiger.com> http://itmanagement.earthweb.com/career/article.php/3595456

  3. Agenda

  4. What is Internal Threat? in·ter·nal   [in-tur-nl] Pronunciation Key –adjective 1. situated or existing in the interior of something; interior

  5. threat     (thrět)   n.   1. An expression of an intention to inflict pain, injury, evil, or punishment. 2. An indication of impending danger or harm. 3. One that is regarded as a possible danger; a menace.

  6. Internal + Threat • In terms of business Internal threats expose the business making it vunerable • CAUSE: • Active employee • Ex-employee • Third party

  7. Internal Threats • Not easy to find information and examples makes vulnerabilities public knowledge • Weakens investor confidence • If deposit taking institution may cause “run on the bank” • Makes the company look bad in the public eye • Negative PR = NOT GOOD

  8. Who is effected? • Customers • The business • Third Party

  9. What can Happen? • Lost profits • Lost market share • Lost investor confidence • Negative PR

  10. Influencing Environments o Economic Environment o Competitive Environment o Political Environment o Social/Cultural Environment o Technological Environment

  11. Economical and Competitive • 3rd party • Outsourcing – cut costs • Cut corners • Former Employee • Former Employees – economic • some employees are enticed, (sometimes by their new employers) to use their old company passwords and inside information to acquire confidential information) to use their old company

  12. Social and Cultural • Former Employees • Who has some grudge against company (for being laid off or fired maybe) and have malicious intentions in creating a situation adverse to business operations)

  13. Political • Legislature related to client information retention • CSB investors victimized • Sponsorship Scandel

  14. Technological • Hard to keep up with in order to prevent threats • “Vishing”

  15. What are the measures to deal with the risks? • Train and educate employees • Having a security system • Contracts

  16. 4. Future Circumstances • Coke will be reviewing its security measures currently in place • Competition is becoming fierce, not all companies can be expected to act like Pepsi and do the right thing

  17. Ability to Handle Internal Threats • Spread the info amongst a few employees • Employees are assigned a level based on their position in the company. • All sensitive info is also assigned a level • Only high level employee’s can see highly confidential information. • Intranet • Removing access (passwords) a day before termination

  18. Handling Third Parties • Companies have a disclaimer when using a third party. • To inform the customer that the offer or service is from another company

  19. What have we learned?

More Related