2. 2
Defend Within
GlobalAccountant.com posted that 1/3 of British accountants breach their company IT policies. Over 40% knew about the policy and yet ignored it.
If 1/3 of your staff is breaching your IT policy, what can you do to defend within?
3. 3
1. Role Based Access
Challenge: You have hundreds, even thousands of users in your system. How can you provision everyone with the correct access in a timely fashion?
Answer: Role Based Access, where you are given permission based on your role in the company but can still request access to other programs.
4. 4
What is Role Based Access?
This is Joe, a new developer starting today.
When Joe goes to request access, how does he know which of the company’s applications to choose?
???
5. 5
What is Role Based Access?
With Role Based Access, Joe will be led to the most relevant applications for his role, taking the guesswork out and preventing requests for excessive access or for programs he doesn’t need.
6. 6
Why Role Based Access?
Approver saves time by only approving requests outside of the user’s role. This limits the rubber-stamping effect and gives better visibility into what is being approved.
User saves time by having his applications suggested for him rather than having to guess what he needs and possibly request access to critical systems he doesn’t need.
Company saves time and money with tighter security and fewer user accounts with privileged access.
7. 7
2. Access Management
What three roles does every organization have in common?
1. Joiners
2. Movers
3. Leavers
8. 8
Access Management
Joiners and Movers need to have access granted as soon as possible to enable them to do their jobs.
Leavers pose the largest threat to your system and need to have access shut off immediately.
“1 in 5 employees still have access to internal systems at their previous jobs” – SCMagazine.com
9. 9
3. Segregation of Duties
Who wouldn’t love to set and approve their own budget?
What about submitting and approving your own purchase order?
10. 10
Segregation of Duties
In order to uphold checks and balances you need segregation of duties.
This will set permissions for your team and put up barriers to critical risks.
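The checks described in the slides above (access outside a user's role, leavers who keep access, and one person holding both halves of a submit/approve pair) can be run as a single access review. This is an added example, not part of the original deck or any Courion product; the role names, entitlement names, users and data layout are constructed assumptions.

```python
# Constructed sample data: roles, entitlement names and users are assumptions.
ROLE_BASELINE = {  # entitlements a role receives without extra approval
    "developer": {"git", "ci", "issue_tracker"},
    "buyer": {"po_submit", "erp_read"},
    "finance_manager": {"po_approve", "budget_approve", "erp_read"},
}
# Entitlement pairs that one person must never hold together.
SOD_CONFLICTS = [("po_submit", "po_approve"), ("budget_set", "budget_approve")]
HR = {  # user -> (role, employment status) from the HR system of record
    "joe": ("developer", "active"),
    "ann": ("buyer", "active"),
    "raj": ("finance_manager", "active"),
    "kim": ("developer", "left"),
}
ACCOUNTS = {  # user -> entitlements currently granted in target systems
    "joe": {"git", "ci", "issue_tracker", "prod_db_admin"},
    "ann": {"po_submit", "erp_read", "po_approve"},
    "raj": {"po_approve", "budget_approve", "erp_read"},
    "kim": {"git", "ci"},
    "svc_old": {"erp_read"},  # account with no HR record at all
}

def review_access(hr, accounts, baseline, conflicts):
    """Return (user, finding, entitlements) tuples for an access review."""
    findings = []
    for user, granted in sorted(accounts.items()):
        role, status = hr.get(user, (None, "unknown"))
        if status != "active":
            # Leavers and orphaned accounts should hold nothing.
            if granted:
                findings.append((user, "leaver_or_orphan_access", sorted(granted)))
            continue
        # Anything beyond the role baseline needs an explicit approval.
        extra = granted - baseline.get(role, set())
        if extra:
            findings.append((user, "outside_role", sorted(extra)))
        # Segregation of duties: both halves of a conflicting pair.
        for first, second in conflicts:
            if first in granted and second in granted:
                findings.append((user, "sod_conflict", [first, second]))
    return findings

if __name__ == "__main__":
    for finding in review_access(HR, ACCOUNTS, ROLE_BASELINE, SOD_CONFLICTS):
        print(finding)
```

Running the review on a schedule rather than once a year turns it into the continuous check the next slide asks for.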
11. 11
4. Real-Time Monitoring
Auditing is everyone’s least favorite time of the year.
However, if you only audit once a year then you only see into your system once a year.
What happens the other 11 months?
14. 14
5. Build a Security Aware Culture
I know, I said 4 ways so this one is free.
By building a culture that is aware of the risks to themselves and the company, you expand your security team exponentially.
When your organization buys in to your security strategy they become more aware of risks, take more precautions against them and become a new line of defense against attacks.
15. 15
Are You Ready to Defend Within?
Are you currently monitoring these 4 breach risks?
Have you experienced one of these breaches?
Do you know what risks are currently in your system?
Let Courion help.
With a Quick Scan of your systems, we can show you
where your critical risks lie and how to secure them.