SharePoint Security Playbook
5 Lines of Defense You Need to Secure Your SharePoint Environment

SharePoint Security Resource Kit
Contents

IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY
Challenge 1: Ensure access rights remain aligned with business needs
Challenge 2: Address compliance mandates
Challenge 3: Respond to suspicious activity in real time
Challenge 4: Protect Web applications from attack
Challenge 5: Take control when migrating data
Conclusion: SharePoint Security Checklist
ABOUT IMPERVA




It’s Time to Think about SharePoint Security

The increasing use of Microsoft SharePoint to store sensitive business data and extend
access and collaboration to partners, customers, and suppliers has outpaced native SharePoint
security capabilities. More and more organizations are storing and accessing sensitive, regulated
information through this platform. To improve business security, organizations must invest in
organizing, managing, and protecting these valuable assets. By implementing the five lines of
defense outlined in this playbook, you will be able to overcome operational challenges and
protect your SharePoint deployments against both internal and external threats.




CHALLENGE #1

Ensure access rights remain aligned with business needs.

“Unstructured data now accounts for more than 90% of the Digital Universe.” -IDC 2011

SharePoint Security Gap
Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then combined by hand to analyze. And, that analysis must be done manually within Excel or exported – yet again – to a third-party analytics platform.

The Play
Aggregate permissions across the entire SharePoint deployment and automate the review process to keep rights aligned with business needs.

The Advantage
- Understand who has access to what data or, conversely, what data any given user or group can access, and how that access was assigned or inherited.
- Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document.
- Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews.

CHALLENGE #2

Address compliance mandates.

“60% of organizations have yet to bring SharePoint into line with existing data compliance policies.” -AIIM 2011

SharePoint Security Gap
Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode SharePoint’s internal representation of log data before they can access meaningful information.

The Play
Use enterprise-class technology that combines permissions and activity details to automate compliance reporting.

The Advantage
- Generate compliance reports on-time and tailored to each recipient’s needs.
- Drill down, filter, and organize data.
- Enrich native data with relevant information, such as type of data, department, and data owner.

CHALLENGE #3

Respond to suspicious activity in real time.

“96% of breaches were avoidable through simple or intermediate controls.” -Verizon Data Breach Report 2011

SharePoint Security Gap
Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block.

The Play
Use a policy framework to build rules across SharePoint’s Web, file, and database components to identify suspicious behavior and complement native access controls.

The Advantage
- Monitor, control, and respond to suspicious activity in real time.
- Balance the need for trust and openness with security concerns.

CHALLENGE #4

Protect Web applications from attack.

“31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so.” -Forrester Research, Inc. 2011

SharePoint Security Gap
Native SharePoint does not include Web application firewall protection.

The Play
Deploy a proven Web application firewall (WAF) technology.

The Advantage
- Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting.
- Streamline and automate regulatory compliance.
- Mitigate data risk.

CHALLENGE #5

Take control when migrating data.

“SharePoint 2010 deployments grew 5x in the past six months.” -Global 360 2011

SharePoint Security Gap
SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way to ensure that ACLs remain aligned with business needs.

The Play
Identify where excessive access rights have been granted, and use file activity monitoring to locate stale data that can be archived or deleted.

The Advantage
- Keep rights aligned with business needs.
- Free up storage space and reduce the amount of data that must be actively managed.

SharePoint Security Checklist
Jump start your Microsoft SharePoint security efforts with this quick reference guide

Get ahead of all SharePoint deployments
- Implement a SharePoint governance policy
- Put security requirements in place when SharePoint instances go live
- Look beyond native SharePoint security features
- Specify what kind of information can be put on SharePoint

Concentrate on business-critical assets first
- Start with regulated, employee, or proprietary data, and intellectual property
- Streamline access to a “business need-to-know” level
- Identify and clean up dormant users and stale data
- Alert on unauthorized access
- Establish a regular review cycle for dormant users, stale data, and excessive rights

Work with data owners to manage user access
- Locate data owners
- Create permission reports so data owners have visibility into who can access their data
- Validate with owners that access to data is legitimate
- Create usage reports so owners can see who is accessing their data

Protect Web sites from external attack
- Identify SharePoint Web applications that work with sensitive data
- Deploy a Web application firewall to monitor and protect sensitive SharePoint Web sites, portals, and intranets
- Respond to suspicious activity such as external users accessing admin pages

Enable auditing for compliance and forensics
- Who owns this data?
- Who accessed this data?
- When and what did they access?
- Have there been repeated failed login attempts?

About Imperva

Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance.

Imperva Headquarters
3400 Bridge Parkway, Suite 200
Redwood Shores, CA 94065
Tel: +1-650-345-9000
Fax: +1-650-345-9004
Toll Free (U.S. only): +1-866-926-4678
www.imperva.com

© Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Integrating Information Protection Into Data Architecture & SDLC
 
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DSRecommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DS
 
encase enterprise
 encase enterprise  encase enterprise
encase enterprise
 
Everything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information WorkbenchEverything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information Workbench
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Microsoft Forefront - Protection 2010 for SharePoint
 Microsoft Forefront - Protection 2010 for SharePoint Microsoft Forefront - Protection 2010 for SharePoint
Microsoft Forefront - Protection 2010 for SharePoint
 

Plus de Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation FoundationHacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 

Plus de Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation FoundationHacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 

Dernier

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Dernier (20)

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

SharePoint Security Playbook [eBook]

  • 1. SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
  • 2. Contents: It’s Time to Think about SharePoint Security; Challenge 1: Ensure access rights remain aligned with business needs; Challenge 2: Address compliance mandates; Challenge 3: Respond to suspicious activity in real time; Challenge 4: Protect Web applications from attack; Challenge 5: Take control when migrating data; Conclusion: SharePoint Security Checklist; About Imperva
  • 3. It’s Time to Think about SharePoint Security The increasing use of Microsoft SharePoint to store sensitive business data and extend access and collaboration to partners, customers, and suppliers has outpaced native SharePoint security capabilities. More and more organizations are storing and accessing sensitive, regulated information through this platform. To improve business security, organizations must invest in organizing, managing, and protecting these valuable assets. By implementing the five lines of defense outlined in this playbook, you will be able to overcome operational challenges and protect your SharePoint deployments against both internal and external threats.
  • 4. CHALLENGE #1 Ensure access rights remain aligned with business needs.
      “Unstructured data now accounts for more than 90% of the Digital Universe.” -IDC 2011
      SharePoint Security Gap: Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then combined by hand to analyze. And, that analysis must be done manually within Excel or exported – yet again – to a third-party analytics platform.
  • 5. CHALLENGE #1 Ensure access rights remain aligned with business needs.
      The Play: Aggregate permissions across the entire SharePoint deployment and automate the review process to keep rights aligned with business needs.
      The Advantage:
        - Understand who has access to what data or, conversely, what data any given user or group can access, and how that access was assigned or inherited.
        - Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document.
        - Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews.
  • 6. CHALLENGE #2 Address compliance mandates.
      “60% of organizations have yet to bring SharePoint into line with existing data compliance policies.” -AIIM 2011
      SharePoint Security Gap: Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode SharePoint’s internal representation of log data before they can access meaningful information.
  • 7. CHALLENGE #2 Address compliance mandates.
      The Play: Use enterprise-class technology that combines permissions and activity details to automate compliance reporting.
      The Advantage:
        - Generate compliance reports on-time and tailored to each recipient’s needs.
        - Drill down, filter, and organize data.
        - Enrich native data with relevant information, such as type of data, department, and data owner.
  • 8. CHALLENGE #3 Respond to suspicious activity in real time.
      “96% of breaches were avoidable through simple or intermediate controls.” -Verizon Data Breach Report 2011
      SharePoint Security Gap: Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block.
  • 9. CHALLENGE #3 Respond to suspicious activity in real time.
      The Play: Use a policy framework to build rules across SharePoint’s Web, file, and database components to identify suspicious behavior and complement native access controls.
      The Advantage:
        - Monitor, control, and respond to suspicious activity in real time.
        - Balance the need for trust and openness with security concerns.
  • 10. CHALLENGE #4 Protect Web applications from attack.
      “31% of organizations are using SharePoint for externally facing Web sites, and another 47% are planning to do so.” -Forrester Research, Inc. 2011
      SharePoint Security Gap: Native SharePoint does not include Web application firewall protection.
  • 11. CHALLENGE #4 Protect Web applications from attack.
      The Play: Deploy a proven Web application firewall (WAF) technology.
      The Advantage:
        - Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting.
        - Streamline and automate regulatory compliance.
        - Mitigate data risk.
  • 12. CHALLENGE #5 Take control when migrating data.
      “SharePoint 2010 deployments grew 5x in the past six months.” -Global 360 2011
      SharePoint Security Gap: SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint lacks an automated way to ensure that ACLs remain aligned with business needs.
  • 13. CHALLENGE #5 Take control when migrating data.
      The Play: Identify where excessive access rights have been granted, and use file activity monitoring to locate stale data that can be archived or deleted.
      The Advantage:
        - Keep rights aligned with business needs.
        - Free up storage space and reduce the amount of data that must be actively managed.
  • 14. SharePoint Security Checklist: Jump start your Microsoft SharePoint security efforts with this quick reference guide
      Get ahead of all SharePoint deployments
        - Implement a SharePoint governance policy
        - Put security requirements in place when SharePoint instances go live
        - Look beyond native SharePoint security features
        - Specify what kind of information can be put on SharePoint
      Concentrate on business-critical assets first
        - Start with regulated, employee, or proprietary data, and intellectual property
      Streamline access to a “business need-to-know” level
        - Identify and clean up dormant users and stale data
        - Alert on unauthorized access
        - Establish a regular review cycle for dormant users, stale data, and excessive rights
      Work with data owners to manage user access
        - Locate data owners
        - Create permission reports so data owners have visibility into who can access their data
        - Validate with owners that access to data is legitimate
        - Create usage reports so owners can see who is accessing their data
      Protect Web sites from external attack
        - Identify SharePoint Web applications that work with sensitive data
        - Deploy a Web application firewall to monitor and protect sensitive SharePoint Web sites, portals, and intranets
        - Respond to suspicious activity such as external users accessing admin pages
      Enable auditing for compliance and forensics
        - Who owns this data?
        - Who accessed this data?
        - When and what did they access?
        - Have there been repeated failed login attempts?
  • 15. About Imperva: Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance.
      Find Us on the Web | Contact Us Direct | Read our Blog | Facebook | Twitter | SlideShare | YouTube
      Imperva Headquarters, 3400 Bridge Parkway, Suite 200, Redwood Shores, CA 94065. Tel: +1-650-345-9000. Fax: +1-650-345-9004. Toll Free (U.S. only): +1-866-926-4678. www.imperva.com
      © Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.