1
Hiperstation Application Audit:
Privileged User or Insider Risk?
Steven D Murray and Charlie Foord
2
DATA SECURITY LANDSCAPE
Stephen D Murray
3
Privileged Users
• Privileged users are employees with high levels of authority
over company’s technology
• Include:
– Database administrators
– Developers
– Support technicians
– Operations individuals
– Client-facing personnel
– Back office staff
– Contractors or other third party partners
– And more!
4
Privileged User Data Access
• 25% of employees have unnecessary privileged access to company data [1]
• Typically results from
– Membership in group with privileged access; receive authority by default
– Role changes; retain access that is no longer required
• Unnecessary privileged access can leave companies open to insider risk of data breaches
[1] Privileged User Abuse & The Insider Threat. Commissioned by Raytheon Company from Ponemon Institute LLC, May 2014
5
Types of Insider Risk
1. Fraudulent use of data
– Profits individual committing fraud
– Most common type of insider risk
2. Malicious exposure of data
– Goal = damage company
– Typically committed by
disgruntled employees
6
Types of Insider Risk
3. Inappropriate use of data
– Information collected without malice
but outside of role
– Example: employee views famous
customer’s shopping habits for
amusement
4. Inadvertent data exposure
(blagging/pretexting)
– Information learned through role,
but inadvertently shared with
external individuals
– Example: employee unintentionally
reveals too much internal information
to journalist while trying to be helpful
7
The Risk Is Real
April 3, 2014
BBC news reports Scottish police
officers are being investigated for
breaching data protection laws
whilst on duty
• Six individuals convicted in 2013
• 55 other open cases
“It would be a ‘major concern’ if
information were passed to criminals”
- Labour's Justice spokesman
8
The Risk is Real
Nearly 2,500 breaches of confidentiality by NHS each year [1]
Examples:
Number of Cases | Result
50 | Data posted on social media
103 | Data lost or stolen
236 | Data shared via email, letter or fax
251 | Data inappropriately shared with third party
[1] According to an investigation by a privacy campaign group. BBC, November 2014.
9
The Threat: Privileged User Abuse
Source: Raytheon White Paper
10
Combating the Risk
• Limit number of privileged users
– More users = higher risk
– Avoid blanket rights
– Modify rights when roles change
• Periodically review security rules
and enforcement
• Continually educate staff on data protection
and risks of exposing information
• Insure yourself with Application Auditing
11
• Monitor applications to ensure security and data integrity
Application Auditing
12
Application Auditing
• Monitors applications to ensure
security and data integrity
• “Big Brother” connotation,
but actually protects
employees and company by
keeping record of activities
13
Application Auditing
• Deters individuals from
committing fraud by increasing
likelihood of being caught
– Decreases malicious risk
14
• Protects data security
Application Auditing
15
Application Auditing Benefits
• Provides insight into
actual application use
– Actual use might differ
from IS’s perception
– Better design future
maintenance and
development plans to
reflect actual usage
16
• Can provide forensic evidence for court cases if data breach occurs
– Logs show what was exposed, by whom and when
Application Auditing Benefits
17
Application Auditing Benefits
• Helps customer support reps solve problems faster
– No longer need to recreate client’s problem
– View log to see issues leading up to and occurring during error
18
Application Auditing Benefits
• Identify patterns by setting up automated search
to proactively look for issues before they occur
19
USE CASE: FRAUD
Charlie Foord
20
• Charlie (telesales rep) takes phone order
– Uses CICS application to enter name, address,
product, quantity and credit card details
Use Case: Fraud
21
• One day later, police contact company with
claim that credit card was used fraudulently
• Police know credit card number and that it
was used at company
• Doug (company security manager)
is asked to investigate:
– Who took order within company
– What details were captured
– When order was placed
– Any other relevant details available
Use Case: Fraud
22
• Doug accesses Hiperstation, which audits all mainframe
applications including order processing CICS system
Use Case: Fraud
23
• Leverage Hiperstation’s application auditing component to search
for specific order by choosing audit file from day that order was
placed and entering credit card number into search string
Use Case: Fraud
24
Use Case: Fraud
• Search shows session that used credit card with exact screen and order details including who placed order and when
• Company can also provide audio logs of call from here
[Screenshot: Session Using Credit Card Number; callouts: Credit Card Number, Employee who took order]
25
Use Case: Fraud
• Report also shows second session using same credit card number
26
• Second order details show Steven (another telesales rep) used same credit card to process this order
• Proved that Charlie was innocent
• Information and audio logs for both sessions can be provided to police
Use Case: Fraud
[Screenshot: Second Session Using Credit Card Number]
27
• Using Hiperstation, security manager can document sessions
Use Case: Fraud
28
• Simple PDF captures all
relevant data
• Can be leveraged in police
investigation and as
forensic evidence in court
Use Case: Fraud
29
USE CASE:
IMPROVING EMPLOYEE
EFFICIENCY
Charlie Foord
30
• While investigating fraud case, Doug noticed Steven uses
twice as many screens as Charlie
– Steven’s transactions are more resource intensive
and use more CPU than other employees
Use Case: Increasing Employee Efficiency
31
• Doug investigates further and sees error messages
on each of Steven’s screens prompting him to enter
another field
• Rather than filling out screen completely and pressing
<enter>, Steven uses <enter> like <tab>, increasing
required resources to execute transaction
• Lazy practices cause extra transactions to run
• Doug can now train Steven on how to more efficiently
enter orders
Use Case: Increasing Employee Efficiency
32
USE CASE:
IDENTIFYING AND SOLVING
PROBLEMS
Charlie Foord
33
• Doug also noticed that Steven experienced system failure
• Can set up search on “abend” to locate error
Use Case: Identifying and Solving Problems
34
• Results show screens prior to abend and details on what
product was being ordered
• Can investigate data validity
• Helps quickly diagnose problems
Use Case: Identifying and Solving Problems
[Screenshot callout: Screen prior to Abend]
35
Additional Benefits of Hiperstation
• Don’t have to be skilled on
mainframe to identify issues
or gather information within
Hiperstation
• Didn’t need ISPF or 3270
screens to process initial
fraud request
• All of these features are
inherent functions of
Hiperstation
36
• Is not Big Brother
• Deters fraud and malicious acts
• Ensures data security as breaches can be found and
dealt with quickly and effectively, minimizing impact
on reputation and finances
• Facilitates understanding of actual application usage
that can be used to improve user experience and for
future development
• Provides forensic evidence for court cases as needed
• Enables customer support to resolve client issues
without recreating problem
• Gain information needed to react to events and set up
proactive searches for breaches
Application Auditing with Hiperstation
37
• Allows companies to protect
privileged users and reduce
insider risk of data breaches
Hiperstation Application Auditing
38

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 

Privileged User Risk Hiperstation Application Audit Reveals Privileged User Risk

  • 1. 1 Hiperstation Application Audit: Privileged User or Insider Risk? Steven D Murray and Charlie Foord
  • 3. 3 Privileged Users • Privileged users are employees with high levels of authority over company’s technology • Include: – Database administrators – Developers – Support technicians – Operations individuals – Client-facing personnel – Back office staff – Contractors or other third party partners – And more!
  • 4. 4 • 25% of employees have unnecessary privileged access to company data1 • Typically results from • Membership in group with privileged access; receive authority by default • Role changes; retain access that is no longer required • Unnecessary privileged access can leave companies open to insider risk of data breaches Privileged User Data Access 1 Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company from Ponemon Institute LLC, May 2014
  • 5. 5 Types of Insider Risk 1. Fraudulent use of data – Profits individual committing fraud – Most common type of insider risk 2. Malicious exposure of data – Goal = damage company – Typically committed by disgruntled employees
  • 6. 6 Types of Insider Risk 3. Inappropriate use of data – Information collected without malice but outside of role – Example: employee views famous customer’s shopping habits for amusement 4. Inadvertent data exposure (blagging/pretexting) – Information learned through role, but inadvertently shared with external individuals – Example: employee unintentionally reveals too much internal information to journalist while trying to be helpful
  • 7. 7 The Risk Is Real April 3, 2014 BBC news reports Scottish police officers are being investigated for breaching data protection laws whilst on duty • Six individuals convicted in 2013 • 55 other open cases “It would be a ‘major concern’ if information were passed to criminals” - Labour's Justice spokesman
  • 8. 8 The Risk is Real • Nearly 2,500 breaches of confidentiality by NHS each year (1) • Examples (number of cases: result): 50: Data posted on social media; 103: Data lost or stolen; 236: Data shared via email, letter or fax; 251: Data inappropriately shared with third party • (1) According to an investigation by a privacy campaign group. BBC, November 2014.
  • 9. 9 The Threat: Privileged User Abuse Source: Raytheon White Paper
  • 10. 10 Combating the Risk • Limit number of privileged users – More users = higher risk – Avoid blanket rights – Modify rights when roles change • Periodically review security rules and enforcement • Continually educate staff on data protection and risks of exposing information • Insure yourself with Application Auditing
  • 11. 11 • Monitor applications to ensure security and data integrity Application Auditing
  • 12. 12 Application Auditing • Monitors applications to ensure security and data integrity • “Big Brother” connotation, but actually protects employees and company by keeping record of activities
  • 13. 13 Application Auditing • Deters individuals from committing fraud by increasing likelihood of being caught – Decreases malicious risk • Monitors applications to ensure security and data integrity • “Big Brother” connotation, but actually protects employees and company by keeping record of activities
  • 14. 14 • Protects data security Application Auditing • Deters individuals from committing fraud by increasing likelihood of being caught – Decreases malicious risk • Monitors applications to ensure security and data integrity • “Big Brother” connotation, but actually protects employees and company by keeping record of activities
  • 15. 15 Application Auditing Benefits • Provides insight into actual application use – Actual use might differ from IS’s perception – Better design future maintenance and development plans to reflect actual usage
  • 16. 16 • Can provide forensic evidence for court cases if data breach occurs – Logs show what was exposed, by who and when Application Auditing Benefits • Provides insight into actual application use – Actual use might differ from IS’s perception – Better design future maintenance and development plans to reflect actual usage
  • 17. 17 Application Auditing Benefits • Assists customer support reps in solving problems faster – No longer need to recreate client’s problem – View log to see issues leading up to and occurring during error • Can provide forensic evidence for court cases if data breach occurs – Logs show what was exposed, by who and when • Provides insight into actual application use – Actual use might differ from IS’s perception – Better design future maintenance and development plans to reflect actual usage
  • 18. 18 Application Auditing Benefits • Provides insight into actual application use – Might differ from IS’s perception – Better design future maintenance and development plans that reflect actual usage • Can provide forensic evidence for court cases if data breach occurs – Logs show what was exposed, by who and when • Assists customer support reps in solving problems faster – No longer need to recreate client’s problem – View log to see issues leading up to and occurring during error • Identify patterns by setting up automated search to proactively look for issues before they occur
  • 20. 20 • Charlie (telesales rep) takes phone order – Uses CICS application to enter name, address, product, quantity and credit card details Use Case: Fraud
  • 21. 21 • One day later, police contact company with claim that credit card was used fraudulently • Police know credit card number and that it was used at company • Doug (company security manager) is asked to investigate: – Who took order within company – What details were captured – When order was placed – Any other relevant details available Use Case: Fraud
  • 22. 22 • Doug accesses Hiperstation, which audits all mainframe applications including order processing CICS system Use Case: Fraud
  • 23. 23 • Leverage Hiperstation’s application auditing component to search for specific order by choosing audit file from day that order was placed and entering credit card number into search string Use Case: Fraud
  • 24. 24 Use Case: Fraud • Search shows session that used credit card with exact screen and order details including who placed order and when • Company can also provide audio logs of call from here (Screenshot labels: Session Using Credit Card Number; Credit Card Number; Employee who took order)
  • 25. 25 Use Case: Fraud • Report also shows second session using same credit card number
  • 26. 26 • Second order details show Steven (another telesales rep) used same credit card to process this order • Proved that Charlie was innocent • Information and audio logs for both sessions can be provided to police Use Case: Fraud Second Session Using Credit Card Number
  • 27. 27 • Using Hiperstation, security manager can document sessions Use Case: Fraud
  • 28. 28 • Simple PDF captures all relevant data • Can be leveraged in police investigation and as forensic evidence in court Use Case: Fraud
  • 30. 30 • While investigating fraud case, Doug noticed Steven uses twice as many screens as Charlie – Steven’s transactions are more resource intensive and use more CPU than other employees Use Case: Increasing Employee Efficiency
  • 31. 31 • Doug investigates further and sees error messages on each of Steven’s screens prompting him to enter another field • Rather than filling out screen completely and pressing <enter>, Steven uses <enter> like <tab>, increasing required resources to execute transaction • Lazy practices cause extra transactions to run • Doug can now train Steven on how to more efficiently enter orders Use Case: Increasing Employee Efficiency
  • 32. 32 USE CASE: IDENTIFYING AND SOLVING PROBLEMS Charlie Foord
  • 33. 33 • Doug also noticed that Steven experienced system failure • Can set up search on “abend” to locate error Use Case: Identifying and Solving Problems
  • 34. 34 • Results show screens prior to abend and details on what product was being ordered • Can investigate data validity • Helps quickly diagnose problems Use Case: Identifying and Solving Problems Screen prior to Abend
  • 35. 35 Additional Benefits of Hiperstation • Don’t have to be skilled on mainframe to identify issues or gather information within Hiperstation • Didn’t need ISPF or 3270 screens to process initial fraud request • All of these features are inherent functions of Hiperstation
  • 36. 36 • Is not Big Brother • Deters fraud and malicious acts • Ensures data security as breaches can be found and dealt with quickly and effectively, minimizing impact on reputation and finances • Facilitates understanding of actual application usage that can be used to improve user experience and for future development • Provides forensic evidence for court cases as needed • Enables customer support to resolve client issues without recreating problem • Gain information needed to react to events and set up proactive searches for breaches Application Auditing with Hiperstation
  • 37. 37 • Allows companies to protect privileged users and reduce insider risk of data breaches Hiperstation Application Auditing