Humans Are The Weakest Link – How DLP Can Help

SAS 2012 Official Video is available at http://www.youtube.com/watch?v=Vr8lmIhc0pk

Abstract: All companies invest in security, but far from all have come to realize that employees' awareness and education are the key factors in improving information protection and preventing data leaks. You can install the most powerful DLP, encryption and other security tools, hire a lot of security officers and consultants to tune your business processes, and eventually waste a lot of money and resources on security issues, but if end users don't understand the threats and don't know the rules, they cannot follow internal policies and regulations and cannot correctly use the appropriate tools. It's all for nothing. An efficient information security strategy is to create a culture of awareness and enforcement, a culture where users understand the consequences.

This session is about 3 main things:
1) What is user awareness in information security?
2) Why is user awareness required?
3) How to raise user awareness, and what are the key factors?

Practical recommendations for adopters and practitioners of security user awareness programs will be given. The role of DLP in raising user awareness will be highlighted.

Related links:
http://www.youtube.com/watch?v=vXlyuGXAZzU – Valery Boronin on Data Luxury Protection at DLP Russia 2011 (in Russian)

Published in: Technology, Business
  • Valery brings funny toy to the scene & makes it sitting. Hello everyone. I am very glad to open Conference Day Two. My name is Valery Boronin and, together <pointing gesture to Vera> with Vera Trubacheva, we represent DLP Research department at Kaspersky Lab. Antimalware technologies are primarily focused on external threats and have achieved truly outstanding results to date, in many respects this success is due to years of effort by many of you. DLP focuses mainly on internal threats and the technology for this is not yet very mature. But what is common for both is that a weakest link is always the same. Today, together with you, we will talk about the weakest link in security – the human. We will talk how DLP can help the Human.
  • Let’s briefly overview an agenda. We spend a few minutes to figure out Customers’ expectations in regard to DLP 1.0 <pointing gesture to DLP 1.0 toy>, represented by this funny toy as a personification of DLP technologies to date. Then, I’ll describe Key Challenge for DLP vendors, relate it to the topic and deliver it together with Vera. <pointing gesture to Vera> Let’s go!
  • Valery: Dear friends, our performance is finished. Hope you enjoyed it. Thank you very much for your attention!
  • Transcript

    • 1. Humans Are The Weakest Link – How DLP Can Help. Valery Boronin, Director DLP Research; Vera Trubacheva, System Analyst. DLP Research, R&D, Kaspersky Lab. February 3, 2012. Cancun, Mexico, Ritz-Carlton Hotel
    • 2. Agenda: 1. DLP to date; 2. Key challenge; 3. User awareness (1. What is it? 2. Why is it required? 3. How to raise it? 4. How DLP could help?); 4. Q&A
    • 3. DLP to date. Customers want: 1. Easy, 2. Convenient, 3. Reliable, 4. Cheap. Customers receive: 1. Complicated, 2. Inconvenient, 3. Unreliable, 4. Expensive. "Gartner research estimates that more than 800 technology vendors and other providers currently have data security offerings. Numerous nontechnical controls are also available. The difficulty of understanding all these options, their benefits and their challenges tends to lead to enterprises using limited subsets of the available tools and having serious gaps in controls and risk mitigation" (Typical Elements of an Enterprise Data Security Program, Gartner, Aug 2009). Page 3 SAS 2012, DLP Research, Kaspersky Lab February, 3d, 2012
    • 4. Key Challenge is the Complexity. Diagram labels: Data Luxury Protection; Technologies & Tools; Expertise; People; Processes
    • 5. Accusation against DLP 1.0. No user awareness in DLP 1.0. Claim 1: Raising user awareness. Claim 2: Control of education efficiency. Mock trial
    • 6. What is user awareness? User awareness is making users aware of information security policies, threats, mitigating controls. Slide labels: Security education; Childhood; Work
    • 7. Why is user awareness required? 1. It is required by law. See Appendix 1
    • 8. Why is user awareness required? 2. To protect the weakest link in security – the human
    • 9. Why is user awareness required? Evidence 1. Guess what this is: 12345; qwerty; 11111; abc123; admin
    • 10. Why is user awareness required? Evidence 2
    • 11. Why is user awareness required? Evidence 3. Security incidents: the weakest link in security is human! 100%: Target of all successful APT attacks is a user (Mandiant). 90%: Exploits need a user interaction (Symantec). 75%: Human factor. 60%: Accidental mistakes (InfoWatch)
    • 12. Why is user awareness required? 3. To reduce huge costs! $7,2 billion per data breach in 2010. $56,165 for a lost notebook in 2010. You could buy a yacht like this for one data breach
    • 13. How to raise user awareness? Recognize the problem
    • 14. How to raise user awareness? Get top management support
    • 15. How to raise user awareness? Know your data
    • 16. How to raise user awareness? Prepare clear, simple instructions
    • 17. What to teach? 1. Security basics; 2. Corporate policy rules; 3. Incident response
    • 18. How to teach? Use different ways. See Appendix 2
    • 19. Key Factor 1: Explain
    • 20. Key Factor 2: Measure results before and after
    • 21. Key Factor 3: Explain consequences for secure and unsecure behavior
    • 22. Members of the Jury: Time for Action. Poll of the Jury
    • 23. Court Decision: Verdict. DLP 1.0 must: 1. Raise user awareness; 2. Control education efficiency
    • 24. Humans Are The Weakest Link – How DLP Can Help. Thank you! Raise User Awareness! Valery Boronin, Director DLP Research, Kaspersky Lab, Valery.Boronin@kaspersky.com, +7 495 797 8700 x4200. Vera Trubacheva, System Analyst, DLP Research, Kaspersky Lab, Vera.Trubacheva@kaspersky.com, +7 495 797 8700 x4201
    • 25. Appendix 1. For compliance with laws and regulations: Payment Card Industry Data Security Standard (PCI DSS); Federal Information System Security Managers Act (FISMA); Health Insurance Portability and Accountability Act (HIPAA); Gramm-Leach-Bliley Act (GLBA); Sarbanes-Oxley Act (SOX); EU Data Protection Directive; National Institute of Standards and Technology (NIST 800-53); International Organization for Standardization: ISO/IEC 27001 & 27002; Control Objectives for Information and Related Technology (CoBiT 4.1); Red Flag Identity Theft Prevention; Personal Information Protection and Electronic Documents Act (PIPEDA); Management of Federal Information Resources (OMB Circular A-130); Some state breach notification laws (i.e. Massachusetts 201 CMR 17.00); Bank of Russia Standard for Ensuring Information Security of Organizations of the Banking System of the Russian Federation (STO BR IBBS)
    • 26. Appendix 2. Security topics; E-mail etiquette; Social Engineering; Clean Desk; Protecting Sensitive Information; Strong Password; Data owners; Internet; Identity theft; Personal use; Protecting data; Mobile security
    • 27. Appendix 3. Sources of Awareness Material: CERT; Ponemon Institute; ISSA; The university of Arizona; NIST SP 800-50 and NIST SP 800-16; SANS (presentations, Security Awareness Newsletters, training); InfoSecurityLab (posters, Wallpapers & Screensavers, Newsletters)