Managing Data Against Insider Threats
           Dr. John D. Johnson, CISSP
Insider Threat
§  The insider is anyone who has been authorized to access
    internal systems. They originate on internal systems or are
    permitted special access across the perimeter (i.e. remote
    access)
§  The insider threat is not new; however, technology can
    allow greater access, at a distance, to sensitive data, with
    potentially less effort and less accountability
§  The threat exists for insiders to exploit their authorized
    access, attack or misuse information systems
Defining The Problem
§  Intentional: Economic or Malicious motivations
   §  Hacking and Malware
§  Security Avoidance: Rules not aligned with
    business objectives
§  Mistakes: Insiders try to follow rules
§  Ignorance: Insiders don’t know rules
Economic Factors
§  Economic factors may motivate individuals to do
    things they otherwise wouldn’t do
§  The economy is just one example of external factors
    that may drive up incidents
§  The economy may reduce security budgets, which
    may lead to weakened security controls and
    measures
§  Companies that empower their employees and keep
    them informed may have fewer data breaches
Global, Legal & Cultural Factors
§  Many gaps in security practices are exposed when a
    company expands into new markets/countries
§  Data must be managed according to laws in the
    country in which it resides
§  Not all cultures have the same standards when
    dealing with intellectual property
§  The reality of how data is treated in different countries
    and by different cultures may necessitate new
    controls and measures
Data Breaches
§  According to the Verizon 2009 Data Breach Investigations Report, 285
    million records were compromised in 2008.
§  All industries suffer from data breaches, although threat vectors may
    vary significantly
§  The growth of financial services companies, and advances in
    technology put larger sets of personal data at risk
§  Historical data shows external hacking, malware or theft (i.e. data tape
    or laptop) accounts for approximately 80% of data breaches, while the
    insider threat remains around 20%
§  In 2008, nearly all records were compromised from online sources
§  Approximately 30% of data breaches implicated business partners
Source: Verizon 2009 Data Breach Investigations Report, http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf
Protecting The Data
§    Proactive vs. Reactive Responses
§    Learn from Past Incidents
§    Encryption
§    Access Controls & Monitoring
§    Segmentation
§    Education
Process Improvements
§  People
   §  Pay attention to employee morale, work closely with HR
   §  Provide security awareness & education that is targeted and
       measured
§  Processes
   §  Implement processes for managing employee privileges as
       their role changes
   §  Review rights quarterly or annually
   §  Keep concise security policies updated and published for
       easy access
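
One way to automate the two process bullets above (privileges tracked across role changes, rights reviewed quarterly), as an added example that is not part of the original slides. The role baselines, entitlement names, sample accounts and the 90-day interval are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Assumption: each role has an approved entitlement baseline. Role and
# entitlement names below are hypothetical.
ROLE_BASELINE = {
    "finance-analyst": {"erp:read", "erp:post-journal", "share:finance"},
    "hr-generalist": {"hris:read", "hris:edit", "share:hr"},
    "developer": {"git:write", "ci:run", "share:eng"},
}

REVIEW_INTERVAL = timedelta(days=90)  # "quarterly"; use 365 for annual review


@dataclass
class Account:
    user: str
    role: str
    role_changed: Optional[date]   # most recent role change, None if never
    entitlements: dict[str, date]  # entitlement -> date granted
    last_review: Optional[date]    # last completed rights review


def review_account(acct: Account, today: date) -> list[str]:
    """Return findings for one account; an empty list means nothing to act on."""
    findings = []
    baseline = ROLE_BASELINE.get(acct.role)
    if baseline is None:
        # No approved baseline: no right can be justified until the role is defined.
        findings.append(f"role '{acct.role}' has no approved baseline")
        baseline = set()
    for ent, granted in sorted(acct.entitlements.items()):
        if ent in baseline:
            continue
        if acct.role_changed and granted < acct.role_changed:
            # Granted under the previous role and never revoked (privilege creep).
            findings.append(
                f"{ent}: carried over from before role change on {acct.role_changed}")
        else:
            findings.append(f"{ent}: outside baseline for role '{acct.role}'")
    if acct.last_review is None:
        findings.append("rights never reviewed")
    elif today - acct.last_review > REVIEW_INTERVAL:
        overdue = (today - acct.last_review - REVIEW_INTERVAL).days
        findings.append(f"rights review overdue by {overdue} days")
    return findings


def review_all(accounts: list[Account], today: date) -> dict[str, list[str]]:
    """Map user -> findings, omitting accounts with no findings."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if findings:
            report[acct.user] = findings
    return report


# Constructed sample accounts (not real data).
SAMPLE = [
    # Moved from finance to development; finance rights were never removed.
    Account("asmith", "developer", date(2011, 3, 1),
            {"erp:post-journal": date(2010, 6, 15),
             "share:finance": date(2010, 6, 15),
             "git:write": date(2011, 3, 2),
             "ci:run": date(2011, 3, 2)},
            date(2011, 1, 10)),
    # Rights match the role and were reviewed within the quarter.
    Account("bjones", "hr-generalist", None,
            {"hris:read": date(2009, 9, 1), "hris:edit": date(2009, 9, 1)},
            date(2011, 5, 20)),
    # Role missing from the baseline table and rights never reviewed.
    Account("ckhan", "contractor", None,
            {"share:eng": date(2011, 4, 4)}, None),
]

if __name__ == "__main__":
    for user, findings in review_all(SAMPLE, today=date(2011, 6, 30)).items():
        print(user)
        for finding in findings:
            print("  -", finding)
```
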
Technology
§  You can’t eliminate all risk, so you need to identify
    tools that will best address the insider threat based
    on past incidents at your company
§  Risk management helps identify where security
    dollars are best spent
§  Protecting data at rest and in motion is important, and
    this works best if you can identify the data you want
    to protect up front
§  Most tools exist to keep honest people honest
Survey of Tools
§    Data Loss Prevention
§    Identity Management
§    Centralized Security Logging/Reporting
§    Security Event Management
§    Web Authentication
§    Intrusion Detection/Prevention Systems
§    Network Access Controls
§    Encryption
The Security Budget
§  As the economy and other factors drive up the threat,
    the security budget needs to be maintained
§  Security dollars should be spent where they can have
    the greatest impact
§  Significant results can be had by starting with simple,
    low cost solutions that target “low-hanging fruit”
§  Remember the principle of security in depth
Measuring Success
§  Develop consistent and meaningful metrics for
    measuring the efficacy of your security controls
§  Develop executive dashboards and favor tools that
    provide real-time access to data and reporting
§  Review security processes periodically to ensure they
    are achieving stated goals, as legal, cultural and
    corporate requirements may change
Conclusion
§  While the insider threat has always existed,
    technology magnifies the problem
§  It is too late to react when a data breach makes your
    company front-page news; be proactive
§  Detecting insider attacks requires layered solutions
    that leverage people, processes and tools
§  Don’t undervalue the impact of user education
§  The most expensive solution is not always the best
    solution!

2011 SC Magazine Insider Threat Keynote
