Post on 21-Dec-2015
1
DETERRING INTERNAL INFORMATION SYSTEMS MISUSE
EECS711 : Security Management and Audit Spring 2010
Presenter : Amit Dandekar
Instructor : Dr. Hossein Saiedian
2
Contents
• Information system misuse by insiders
• Countermeasures
• Measuring effectiveness of countermeasures
– Survey methodology
– Survey results
– Survey conclusions
• Conclusion
3
Information system misuse by insiders
• Misuse of information system (IS) resources
– Largely due to intentional actions of legitimate users
• Per one study, 70% of breaches involving losses of more than 100k are internal
– Results in financial loss and other negative consequences
– Misuse is likely to persist because users are becoming more sophisticated and tools are more readily available
4
Countermeasures
• Countermeasures
– Procedural controls
• Security policy
• Security awareness programs
– Technical controls
• Computer monitoring software
• Preventive security software
5
Measuring effectiveness of countermeasures
• The survey studies the deterrent effect of these measures on IS misuse intentions
• Web-based survey
– 579 users from eight organizations in a variety of industries
– 44% of the companies have 10,000 or more employees
• Two parts of the survey
– Examine awareness of the countermeasures
– Examine the effect of that awareness on IS misuse intentions
6
Survey methodology
• Measure awareness of the four security countermeasures
– Measured on seven-point scales
• one = strongly disagree, seven = strongly agree
7
Survey methodology
• Measure user intentions to misuse IS resources
– Measures the likelihood of engaging in misuse behavior
10
Survey results
• Security awareness programs
– Strongest deterrent effect on IS misuse
• Security policy
– Significant deterrent effect
• Preventive security software
– Significant deterrent effect
• Computer monitoring software
– No significant deterrent effect
11
Survey conclusion
• Security awareness programs should get a larger budget than the other countermeasures
– Strongest deterrent effect, yet the least deployed countermeasure
• Security policy statements and guidelines are an effective deterrent
– Introduce employees to the policies as early as possible
– Display the policies prominently
12
Survey conclusion
• Preventive security software is a significant deterrent
– Increases users' fear of detection
– Deterrent effect is above and beyond its core functionality
– Organizations should make a concerted effort to alert employees to the latest technological solutions protecting IS resources
• E.g. provide real-time feedback during password construction
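The password-construction feedback mentioned above is the kind of preventive control whose visibility to the user is the point: the user sees, while typing, that the system is checking. The block below is an added example, not code from the presentation or the underlying study. The policy it enforces (12-character minimum, three of four character classes, a small deny-list of common passwords, no triple-repeated characters, no user name inside the password) and the deny-list contents are assumptions chosen for illustration.

```python
import re
from typing import List, Tuple

# Assumed policy for this example (the page names no specific rules).
MIN_LENGTH = 12   # minimum password length
MIN_CLASSES = 3   # of lower, upper, digit, symbol

# Constructed deny-list; a real deployment uses a breached-password corpus of millions.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


def character_classes(pw: str) -> int:
    """Count how many of lower/upper/digit/symbol classes appear in pw."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))


def password_feedback(pw: str, username: str = "") -> Tuple[bool, List[str]]:
    """Return (accepted, problems).

    Intended to run on every keystroke of the password field so the user sees
    why a candidate would be rejected before submitting it.
    """
    problems: List[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} characters, need at least {MIN_LENGTH}")
    classes = character_classes(pw)
    if classes < MIN_CLASSES:
        problems.append(
            f"only {classes} character class(es); need at least {MIN_CLASSES} of lower/upper/digit/symbol"
        )
    # Strip trailing digits/punctuation so "Password123!" still hits the deny-list entry "password".
    base = pw.lower().rstrip("0123456789!@#$%^&*")
    if pw.lower() in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("based on a commonly used password")
    if re.search(r"(.)\1\1", pw):
        problems.append("contains three identical characters in a row")
    if username and username.lower() in pw.lower():
        problems.append("contains the user name")
    return (not problems, problems)


if __name__ == "__main__":
    for candidate in ("Password123!", "Alice-Sunny-Day-2024", "Correct-Horse-Battery-7"):
        ok, why = password_feedback(candidate, username="alice")
        print(candidate, "accepted" if ok else "rejected: " + "; ".join(why))
```

The function returns every failing rule rather than stopping at the first one, which is what makes the feedback useful in real time: the user can fix all of the problems in one pass instead of discovering them one at a time.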
13
Survey conclusion
• Computer monitoring software is an insignificant deterrent
– Users do not equate being monitored with being caught
– Users doubted that audit logs were reviewed regularly
– Users doubt that punishment will be severe
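The survey's reading of this result is that monitoring only deters when users believe the logs are actually reviewed. As an added illustration, not from the presentation or the study, the block below shows what a regular, automated review of an audit log can look like: it parses access records and flags after-hours access and bulk reads by one user. The log format, the sample records, the business hours (07:00 to 18:59) and the bulk threshold (five actions within 60 seconds) are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed audit records in an assumed "timestamp key=value ..." format.
AUDIT_LOG = """\
2010-03-01T09:12:01 user=alice action=file_read path=/eng/design.docx
2010-03-01T09:15:44 user=bob action=file_read path=/hr/payroll.xlsx
2010-03-01T22:41:03 user=bob action=file_read path=/hr/salaries.xlsx
2010-03-01T22:41:09 user=bob action=file_read path=/hr/reviews.docx
2010-03-01T22:41:15 user=bob action=file_read path=/hr/terminations.docx
2010-03-01T22:41:20 user=bob action=file_read path=/hr/bonus.xlsx
2010-03-01T22:41:27 user=bob action=file_read path=/hr/org-chart.pdf
2010-03-01T10:02:30 user=carol action=file_read path=/eng/roadmap.pptx
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+)$")

# Assumed review thresholds.
BUSINESS_HOURS = range(7, 19)   # 07:00 to 18:59 counts as normal working time
BULK_THRESHOLD = 5              # this many actions by one user ...
BULK_WINDOW = 60                # ... within this many seconds is flagged


def parse(log: str) -> List[Dict[str, str]]:
    """Parse records; malformed lines are skipped so one bad line cannot stop the review job."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def review(log: str) -> List[str]:
    """Return one alert string per finding."""
    alerts: List[str] = []
    per_user: Dict[str, List[datetime]] = defaultdict(list)
    for r in parse(log):
        ts = datetime.fromisoformat(r["ts"])
        if ts.hour not in BUSINESS_HOURS:
            alerts.append(f"after-hours access: {r['user']} {r['action']} {r['path']} at {r['ts']}")
        per_user[r["user"]].append(ts)
    # Sliding window over each user's sorted timestamps; one bulk alert per user.
    for user, times in per_user.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and (times[j] - times[i]).total_seconds() <= BULK_WINDOW:
                j += 1
            if j - i >= BULK_THRESHOLD:
                alerts.append(
                    f"bulk access: {user} performed {j - i} actions within {BULK_WINDOW}s "
                    f"starting {times[i].isoformat()}"
                )
                break
    return alerts


if __name__ == "__main__":
    for alert in review(AUDIT_LOG):
        print(alert)
```

Run on a schedule (a nightly job is enough to make "regularly reviewed" true), this turns the log from a passive record into findings someone has to act on; the deterrent effect the survey found missing depends on employees knowing that such a review exists and that its findings are followed up.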
14
Conclusion
• The following three measures significantly deter users' IS misuse intentions
– Security awareness program
– Security policy
– Preventive security software
• Monitoring end-user activities has the least effect
• A combination of proactive and preventive approaches is most effective in deterring users from IS misuse