Top 10 steps towards eliminating inside threats by Paresh Thakkar
Paresh Thakkar
Information security, Insider threats, IT infrastructure management, CIO, CTO
1.
Compiled by Paresh Thakkar CISM, MBA
Based on an original article in CSO FORUM by Paul Kenyon
2.
Background
• Computer networks are complicated, and keeping them secure depends on a multitude of factors. However, at the core of these activities are administrative rights that make it possible to fundamentally alter the configuration of the desktop PC, its applications and network linkages.
• A slight error by an admin can result in malicious code getting installed and running on the company server, potentially compromising the company network.
• Once a problem occurs, it often unravels into a downward spiral, taking your business and reputation down with it.
© Paresh Thakkar CISM, CEH, ECSA, MBA email: pcthakkar@gmail.com
3.
Why this presentation?
• These 10 steps help mitigate your organisation's risk. They mostly revolve around taking a "Least Privilege" approach, meaning end-users can perform their jobs with ease, but without threatening the organisation's security.
• Here are 10 steps that you can take towards making "Least Privilege" a reality.
4.
• Operating systems work based on certain files and folders that are within the Windows folder, and the registry. If these are modified without the IT department's knowledge, the system can become unstable, and the chances of data leakage increase. IT should be made accountable and responsible for controlling what applications a user can install or change.
• Regular evaluation of security risks, combined with application whitelisting, is essential in providing an extra layer of defence.
5.
• The proliferation of personal devices into the workplace has increased the complexity and cost of defence for an organisation. Create a balance of personal and corporate devices, and even have a role-based eligibility model.
• If an employee justifies the use of a device, the onus is on the organisation to establish its compliance with company policy, with a clear matrix of support responsibility, and business continuity in the event of loss of the device.
6.
• Lock down machines so users can only change their desktop config, NOT THE CORE system. This also reduces support calls and costs.
• Move to managed services, e.g. use Microsoft Group Policy and Microsoft System Center.
• These enable effective deployment of services such as automated patch management and software distribution/updates.
7.
• Security is often seen as too limiting for users if not well planned and implemented.
• You can actually improve the user experience and give privilege back to users who were previously excessively limited.
• Give users feedback on activities, rather than completely blocking them from resources. This would lower calls to the helpdesk, thereby lowering support costs.
8.
• Ask yourself: have I maximised the use of Active Directory in my organisation? It can be used very effectively to derive higher efficiencies and productivity of employee time.
• More granular control of user activities is possible, without adversely impacting them, thereby boosting productivity.
• Mobile device management solutions help comply with company policies even with personal devices. Use them to ensure personal devices do not leak corporate data. Have a standard minimum configuration of devices published.
9.
• Excess admin privilege == Lost Productivity
• A user who does not understand how much power their computer plus admin rights give them can be a severe threat to your network: think denial of service, floods of traffic, spambots and what not.
• A least privilege environment increases the stability of the network as well as the quality of traffic on the network.
10.
• Research all the compliance regimes that your organisation needs to comply with. This will reduce regulatory penalties. All of them directly or indirectly impose the minimum privilege needed to complete everyday tasks.
• E.g. PCI DSS [Payment Card Industry Data Security Standard] states that the organisation must ensure that privileged user IDs are restricted to the least amount of privilege needed to perform their jobs.
11.
• Help educate employees about safe computing and the acceptable use policy.
• Make public posters about possible threats around them, and make them visible in public areas such as the utilities, pantry, canteen etc.
• This also helps build customer confidence and increases the reputation and goodwill of the organisation.
12.
• Simply put, secure and managed systems are cheaper to support, thus making security a business enabler rather than a cost/expense.
• Publish the knowledge base, processes and workflows on a need-to-know basis, so panic calls to the help desk are avoided. Self-help systems definitely reduce support costs.
• A continuous incremental approach to security would see continuous reduction in support costs.
13.
• As discussed in Step 1, unauthorised and uncatalogued config changes can be disastrous. Systems are complex as it is. Simplify by removing any local administrative rights, integrating systems into a central Active Directory, and enforcing group policy centrally, without which network access is disallowed.
• Give flexibility to line-of-business applications, NOT the core operating system.
• Build a centrally available store of approved applications that can be installed. These can be for all the types of devices in your organisation: BlackBerry, Android, iPhone, Windows, Java etc.
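An added example, not part of the original slides: one way to find the local administrative rights this step says to remove, by listing each machine's local Administrators group and flagging members outside an approved list. The `CONTOSO\...` names and the script's parameters are placeholder assumptions.

```powershell
# Added example (not from the original presentation).
# Audits the local Administrators group against an approved list and,
# only when -Remove is given, strips the unapproved members.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical approved principals; replace with your own groups.
    [string[]]$Approved = @('CONTOSO\Domain Admins', 'CONTOSO\Workstation-Admins'),
    # Without this switch the script only reports.
    [switch]$Remove
)

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup does not depend on the OS display language.
$adminGroupSid = 'S-1-5-32-544'

try {
    $members = Get-LocalGroupMember -SID $adminGroupSid -ErrorAction Stop
}
catch {
    # Enumeration can fail, for example when the group holds entries that
    # no longer resolve; report it rather than assume the group is clean.
    Write-Warning "Could not enumerate local Administrators on $($env:COMPUTERNAME): $_"
    return
}

$findings = foreach ($m in $members) {
    $sid = $m.SID.Value

    # The built-in local Administrator account always has RID 500.
    $status = if ($sid -match '^S-1-5-21-.+-500$') { 'BuiltIn' }
              elseif ($Approved -contains $m.Name)  { 'Approved' }
              else                                  { 'Unapproved' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Member   = $m.Name
        SID      = $sid
        Class    = $m.ObjectClass       # User or Group
        Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Status   = $status
    }
}

foreach ($f in ($findings | Where-Object Status -eq 'Unapproved')) {
    # ShouldProcess honours -WhatIf and -Confirm, so a dry run is possible.
    if ($Remove -and $PSCmdlet.ShouldProcess($f.Member, 'Remove from local Administrators')) {
        Remove-LocalGroupMember -SID $adminGroupSid -Member $f.SID
    }
}

# Emit the findings so they can be exported or collected centrally.
$findings
```

Run it in report-only mode first and review the `Unapproved` rows; centrally enforced Group Policy remains the control that keeps the group in the desired state afterwards.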
14.
SO, WE REDUCE INSIDER THREAT BY:
1 • REGULARLY EVALUATE RISKS
2 • MINIMISE DEVICES
3 • MOVE TO MANAGED ENVIRONMENT
4 • IMPROVE END-USER EXPERIENCE
5 • MAXIMISE THE ACTIVE DIRECTORY
6 • IMPROVE NETWORK UPTIME
7 • REGULATORY COMPLIANCE
8 • DEMONSTRATE DUE DILIGENCE
9 • ANALYSE SUPPORT COST
10 • REDUCE COMPLEXITY
15.
ENDNOTE
Organisations need to leverage least privilege management to achieve a smart balance for an IT environment where everyone can be productive while remaining secure. It all boils down to a logical decision: Do you want the best of both the worlds, productivity and security?
[Graphic labels: PRODUCTIVITY, SECURITY]
16.
I AM REACHABLE ON PCTHAKKAR@GMAIL.COM
@pcthakkar/pcthakkar