Insider Threat. Toronto, 22 February 2006. www.elytra.com
Problem Statement
Insider
• Person that works inside an organization
– Employees
– Permanent
– Temporary
– Co-op
– Contractors
– Partners
– Support Personnel
Problem Statement
The Threat
• There are a lot of evil PEOPLE out there and they all want to get us
• If they are out there we are OK Inside
Security for Real Dummies by Dilbert
The Reasonable Threat: People
• Glory Seeker
• Vendetta: Disgruntled Employees and Others
• The Curious and the Incompetent
• The Greedy
• Management
Threat
Threats are meaningless until they are qualified as risks
• We know what the story is, why do we care?
– Money
– Time
– Bandwidth
– Image
Back to the Problem and the Solutions
Know the What and Why
• Know your assets
– Network structure, its components
– The geography of your organization
– The nature of the Data and its value
– Know the operational and processing needs
– Know your legal requirements (PIPEDA, SOX, …)
You Will Need to Succeed
Know your Governance structure and GET MANAGEMENT BUY-IN
• WHY
– You will need their Money
– You will need their Support and,
– Most of all you will need somebody to wear the unpopular decisions
Now you are Ready for Action
Establish a Usage Policy and publish it
Start working on the basics while you attack your high risk areas
• Use your account management and networking tool to organize data access
• Ensure logging and proper log review
• Introduce proper entry and departing processes for employees
• Ensure that standard security measures are in place
Get more technical
Introduce data protection for traveling staff
• Encryption
• OTP token
Introduce end point controls (USB, FW, drives…)
If you have the money, deploy tracking and profiling tools
Be in the loop
Don’t let your MANAGEMENT leave you behind
Track the tricks of the trade
• Access Authentication
• Removable Storage Devices
• Software Encryption
• Hard Drive Encryption
• Device Control & Auditing
• Change Auditing
• Intrusion Prevention
• Vulnerability Management
Elytra Professional Services
• Law, Investigation & Ethics
• Network Security
• Cryptography
• Business Continuity
• Application Systems Development
• Access Control
• Operations Security
• Architecture
• Security Management Practices
Take the 1st Step!!
Download the Safend Auditor at:
• http://www.safend.com/
• Auditor performs a client-less scan of your selected domain and generates a report indicating what is connected today to the scanned PC(s) – or has been in the past!
» It's Free!