SlideShare une entreprise Scribd logo
1  sur  21
Télécharger pour lire hors ligne
Millie Law  ACC626
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Contenu connexe

Tendances

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...Vincent O'Neil
 
Cyber security rule of use internet safely
Cyber security rule of use internet safelyCyber security rule of use internet safely
Cyber security rule of use internet safelyAlexander Decker
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation finalsunnyjoshi88
 
Session#7; securing information systems
Session#7;  securing information systemsSession#7;  securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
McNair_Paper_Hill
McNair_Paper_HillMcNair_Paper_Hill
McNair_Paper_HillDennis Hill
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksConstantin Cocioaba
 
Top cited managing information technology articles
Top cited managing information technology articlesTop cited managing information technology articles
Top cited managing information technology articlesIJMIT JOURNAL
 
Julius Clark is Making Criminal Hackers Miserable
Julius Clark is Making Criminal Hackers MiserableJulius Clark is Making Criminal Hackers Miserable
Julius Clark is Making Criminal Hackers MiserableJulius Clark, CISSP, CISA
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info SystemsHemant Nagwekar
 
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET-  	  Security Risk Assessment on Social Media using Artificial Intellig...IRJET-  	  Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...IRJET Journal
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-bBbAOC
 
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...Study and analysis of E-Governance Information Security (InfoSec) in Indian C...
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...IOSRjournaljce
 
Ethical Questions of Facial Recognition Technologies by Mika Nieminen
Ethical Questions of Facial Recognition Technologies by Mika Nieminen Ethical Questions of Facial Recognition Technologies by Mika Nieminen
Ethical Questions of Facial Recognition Technologies by Mika Nieminen Mindtrek
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShowAdam Heller
 
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?IJCNCJournal
 
Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...MajedahAlkharji
 

Tendances (20)

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
 
Cyber security rule of use internet safely
Cyber security rule of use internet safelyCyber security rule of use internet safely
Cyber security rule of use internet safely
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation final
 
Session#7; securing information systems
Session#7;  securing information systemsSession#7;  securing information systems
Session#7; securing information systems
 
McNair_Paper_Hill
McNair_Paper_HillMcNair_Paper_Hill
McNair_Paper_Hill
 
Kaspersky: Global IT Security Risks
Kaspersky: Global IT Security RisksKaspersky: Global IT Security Risks
Kaspersky: Global IT Security Risks
 
Top cited managing information technology articles
Top cited managing information technology articlesTop cited managing information technology articles
Top cited managing information technology articles
 
Julius Clark is Making Criminal Hackers Miserable
Julius Clark is Making Criminal Hackers MiserableJulius Clark is Making Criminal Hackers Miserable
Julius Clark is Making Criminal Hackers Miserable
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
 
8 - Securing Info Systems
8 - Securing Info Systems8 - Securing Info Systems
8 - Securing Info Systems
 
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET-  	  Security Risk Assessment on Social Media using Artificial Intellig...IRJET-  	  Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
 
Module0&1 intro-foundations-b
Module0&1 intro-foundations-bModule0&1 intro-foundations-b
Module0&1 intro-foundations-b
 
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...Study and analysis of E-Governance Information Security (InfoSec) in Indian C...
Study and analysis of E-Governance Information Security (InfoSec) in Indian C...
 
Ethical Questions of Facial Recognition Technologies by Mika Nieminen
Ethical Questions of Facial Recognition Technologies by Mika Nieminen Ethical Questions of Facial Recognition Technologies by Mika Nieminen
Ethical Questions of Facial Recognition Technologies by Mika Nieminen
 
Cloud computing advances in 2020
Cloud computing advances in 2020Cloud computing advances in 2020
Cloud computing advances in 2020
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
 
Ijsrp p5211
Ijsrp p5211Ijsrp p5211
Ijsrp p5211
 
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
 
Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...Key findings from information security survey at higher education institution...
Key findings from information security survey at higher education institution...
 

En vedette

Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013Defence and Security Accelerator
 
Insider Threat – The Visual Conviction - FIRST 2007 - Sevilla
Insider Threat – The Visual Conviction - FIRST 2007 - SevillaInsider Threat – The Visual Conviction - FIRST 2007 - Sevilla
Insider Threat – The Visual Conviction - FIRST 2007 - SevillaRaffael Marty
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRIZivaro Inc
 

En vedette (6)

insider threat research
insider threat researchinsider threat research
insider threat research
 
Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013Countering insider threat attacks - CDE themed call launch 14 May 2013
Countering insider threat attacks - CDE themed call launch 14 May 2013
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
 
Insider Threat – The Visual Conviction - FIRST 2007 - Sevilla
Insider Threat – The Visual Conviction - FIRST 2007 - SevillaInsider Threat – The Visual Conviction - FIRST 2007 - Sevilla
Insider Threat – The Visual Conviction - FIRST 2007 - Sevilla
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk Management
 
Insider Threat Solution from GTRI
Insider Threat Solution from GTRIInsider Threat Solution from GTRI
Insider Threat Solution from GTRI
 

Similaire à Managing insider threat

Nonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the NetworkNonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the NetworkHolly Ross
 
Running Head DATA BREACH .docx
Running Head DATA BREACH                                        .docxRunning Head DATA BREACH                                        .docx
Running Head DATA BREACH .docxtodd271
 
Top 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebTop 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebSheila Guy
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingIJNSA Journal
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation finalsunnyjoshi88
 
Security Risks And Vulnerabilities Of Mobile Payment...
Security Risks And Vulnerabilities Of Mobile Payment...Security Risks And Vulnerabilities Of Mobile Payment...
Security Risks And Vulnerabilities Of Mobile Payment...Donna Castro
 
Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLPYun Lu
 
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docx
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docxRunning Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docx
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docxtodd271
 
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxStrategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxflorriezhamphrey3065
 
Implementing IT Security Controls
Implementing IT Security ControlsImplementing IT Security Controls
Implementing IT Security ControlsThomas Jones
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threatillustro
 
Assessment And Implementation Of Data Security
Assessment And Implementation Of Data SecurityAssessment And Implementation Of Data Security
Assessment And Implementation Of Data SecurityChristina Santos
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
A foundation for breach data analysis
A foundation for breach data analysisA foundation for breach data analysis
A foundation for breach data analysisAlexander Decker
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
 

Similaire à Managing insider threat (20)

Forensics
ForensicsForensics
Forensics
 
Nonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the NetworkNonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the Network
 
Running Head DATA BREACH .docx
Running Head DATA BREACH                                        .docxRunning Head DATA BREACH                                        .docx
Running Head DATA BREACH .docx
 
Top 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On WebTop 5 Ways You Can Protect Your Privacy On Web
Top 5 Ways You Can Protect Your Privacy On Web
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats Modeling
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation final
 
Security Risks And Vulnerabilities Of Mobile Payment...
Security Risks And Vulnerabilities Of Mobile Payment...Security Risks And Vulnerabilities Of Mobile Payment...
Security Risks And Vulnerabilities Of Mobile Payment...
 
Information Leakage & DLP
Information Leakage & DLPInformation Leakage & DLP
Information Leakage & DLP
 
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docx
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docxRunning Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docx
Running Head DATA BREACH 1DATA BREACH 3Data Breach Whit.docx
 
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docxStrategic HRM Plan Grading GuideHRM498 Version 42.docx
Strategic HRM Plan Grading GuideHRM498 Version 42.docx
 
Implementing IT Security Controls
Implementing IT Security ControlsImplementing IT Security Controls
Implementing IT Security Controls
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 
Assessment And Implementation Of Data Security
Assessment And Implementation Of Data SecurityAssessment And Implementation Of Data Security
Assessment And Implementation Of Data Security
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )
 
A foundation for breach data analysis
A foundation for breach data analysisA foundation for breach data analysis
A foundation for breach data analysis
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
 

Dernier

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 

Dernier (20)

COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 

Managing insider threat

  • 1. Millie Law ACC626
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.

Notes de l'éditeur

  1. Hi everyone this is Millie Law and today’s topic is managing insider threat
  2. Our agenda is first to introduce and define insider threat Then I will talk about the key risk factors and the according managing strategies I will talk about the current issues facing insider risk management and then I will give the conclusion
  3. Insider threat is defined as attacks from within the organization by individuals who have unintentionally or intentionally caused the loss of organizational assets Insider threat is identified as one of the top three macro security issues today for organizations. insiders were responsible for 69% of database breaches. In the 2010 e-Crime Survey, relative to external breaches, incidents of insider attack are often more costly to organizations. A Sprint employee who cloned customer data using a low-tech breach technique had caused Sprint to lose US$15M and to lay off 80 employees. Additionally, $700M loss was caused by a complex financial fraud committed by an insider in a financial institution
  4. Deloitte UK identified four major areas that are susceptible to insider threat, including (1) Damage and (2) Theft of key assets and critical equipment (3) Massive deleting/corrupting files and records (4) Exposure and leakage of information that is sensitive
  5. Researchers have shown that C-suite executives lack insight and understanding of insider threat and its implications, such as decrease in competitiveness, efficiency, compliance, and security. Mitigation of insider threats is often not a top priority for executives because they see it as a “high impact, very low-frequency issue According to the Secure Computing IT Director Survey, only 35% of the organizations surveyed placed internal security as a priority in planned investment despite the economic downturn. According to a Deloitte survey for Fortune 1000 companies, 9 of 10 executives believed that security and privacy are primarily a technology problem, so they believe the IT department should take full responsibility for finding a solution The technical manager of Computer Emergency Response Team (CERT) exclaimed that it has been difficult to convince the C-suite executives that insider threat is not just an IT problem. This implies that executives do not understand that insider threat pervades the business process and that is not just a technology problem
  6. The Enterprise Security Program (ESP) is an effective system which directs an organization to establish the security tone at the top. The objective of the ESP is the sustainability of a pervasive culture of security in the organization’s beliefs, behaviors, capabilities, and actions. This is achieved by implementing top-level policies and an effective governance structure The executive team sets up top-level security policies, establishes the risk thresholds for the organization, obtains funds for the ESP, and creates the X-team. The X-team comprises of sub-teams which are responsible for day-to-day IT security operations The executive team and the X-team should focus on conducting regular reviews of processes that are governed by the policies described above for their effectiveness and efficiency.
  7. More than 27% of insiders studied stated that they were experiencing financial difficulty when the incident occurred. For instance, a cell phone number is sold for £10.00 each ron the black market according to the FBI. There are four types of data which are quite lucrative and are often stolen by insiders Since individual financial crisis is usually the motivating factor behind insider attacks, organizations should not underestimate the return on investments in employee assistance programs (EAP), according to a study conducted by Deloitte. An effective and well-funded EAP provides guidance and support to employees, emotionally and financially. When an employee who is facing financial crisis is helped by the program provided by the organization, it prevents employees from compromising their organization’s information for financial gain.
  8. Lack of education and awareness remains an obstacle in mitigiting insider risk. The insider risk is introduced by employees that lack the motivation and awareness to vigorously protect the integrity and the privacy of sensitive information of the stakeholders. Information system risks can be caused by unintentional behaviors, such as forgetting to log off a workstation, failure to change passwords regularly, and inappropriately discarding of sensitive information. In 2007, more than 37% organizations experienced leakage of sensitive information through emails. In order to reduce information system risks caused by unintentional behaviors, management is responsible for identifying areas with high risk exposure and providing education. CERT’s 16 Best Practices are defensive measures to prevent or facilitate early detection of insider incidents.
  9. Ineffective identity management, which relates to lack of accountability of access activities, increases insider risk. In order to gather information on insider threat detection pertaining to a specific organization, log collection and event correlation analysis are imperative in identifying high-risk behaviors. Any suspicious behavior, such as above average use of company’s network, should be detected, monitored, reported, and investigated The Federated Model is adopted by many large global corporations to distribute responsibility across the company’s hierarchy, ensuring that people are accountable for the safety and protection of the organization’s assets. This model has a centralized group responsible for setting common standards and coordinating functions, while business units manage ‘local’ executions. However, this model may not be suitable for small businesses, where owner-manager oversight serves as the primary risk mitigation strategy to the insider threat. Smaller organizations can consider using log management techniques with the network monitoring approach, where log files go through logical pairing, followed by log analysis and event correlation
  10. A third of organizations have reported that employees have abused their access rights, either intentionally or accidentally The people paradox states that people within the ‘trusted’ circle of the organization are the primary threat to the organization’s assets. This paradox applies to the fact that employees are trusted by the organization with their access privileges, but many have breached the trust by misusing them.
  11. The attribute based model defines insiders based on access attributes. The defined groups are categorized based on access capabilities, and identifies high-risk users to high-risk resources Since the users are grouped by their ability to access organizational resources using the Attributed based model, security personnel can focus on monitoring those that pose the most threat to the organization.
  12. Another approach to mitigate insider threat caused by misused access privileges is “Identity Access Management” (IAM). IAM is the implementation of centralized and automated controls that enforce security policies by monitoring employee and third-party access and use of sensitive data in real time across multiple databases in different locations. IAM uses internal auditing to determine, amongst the stakeholders, the information that needs to be protected the most, and what kind of database application is used for storage. After defining what it means by sensitive data, stakeholders must agree to this common definition. These data are then tagged and consolidated within centralized servers protected by encryption and physical security measures. IAM applies digital rights management technology to control whether this information can be transferred outbound of the server, while balancing the need for employees to complete their job responsibilities
  13. Insiders have significant advantage over external attackers since insiders can bypass physical and logical security measures designed to prevent unauthorized access. Most insider attackers are aware of their insider advantage, such as vulnerabilities in internal controls, systems, and networks. Employees have realized that control mechanisms such as firewalls, intrusion-detection systems, and electronic building-access systems are usually geared towards defending against external threats. The risk of unauthorized access within the organization may be mitigated by the Honey Pot approach, which is a relatively new strategy in dealing with insider threat. Fictitious data such as credit card numbers, social security numbers, and documents are put into this ‘honey pot’ to attract unauthorized access. These unauthorized access attempts are then recorded and would be followed by punitive managerial decisions
  14. According to the “Insider Threat Study”, insiders held different positions in the organization – there was no specific type of high-risk attackers. Contrary to the perception that the IT department is most likely to snoop around confidential information It should be stressed that the insider threat is not exclusive to IT personnel, because employees are now more technologically savvy. The employee screening process should include the best available criminal history records. To ensure accuracy, organizations can standardize the presentation of these records or hire an external agency for screening. However, background checking will not completely remove insider threat, as most attackers come to the organization without a criminal background. Hence, the screening is not a standalone process and is only effective when complemented with other security measures.
  15. However, there are general traits which high-risk employees can identify – but security professionals should not generalize these traits but only use them as a reference source. When hiring, employers should make reference to the characteristics of a Risk-indicator and Risk-mitigator as they show the potential an employee to conduct an insider attack. Organizations should also look for competencies such as accountability and integrity for a secure workforce
  16. Many organizations today have silo’ed physical and information system architecture. It is expensive to integrate and coordinate between physical and cyber infrastructure and assets; hence, companies shy away from this investment which increases the risk of combined fraud and theft of these properties. The risk is further increased when the organizations do not know how much data they have. For instance, only 18% of the 150 IT security professionals surveyed were certain of the exact number of sensitive files in their organizations Since maintaining these data creates significant cost for collection and storage, and carries huge potential costs in legal responsibilities, companies should conduct data inventory projects and modify their systems architecture for leaner data inventory and more efficient architecture for cost and legal liability risk reduction. The recommended data inventory project comprises of the following steps: Take inventory of sensitive files Accurately record their location on the server Keep track of access rights to these files By doing the above, the organization would be able to guard against insider threat by timely detection of the addition, removal, and improper access of these sensitive data. It should be noted that a comprehensive data inventory project must be acted on before an adverse event in order to maximize its benefits.
  17. In addition to the data inventory project, companies should implement the data-centric policy which would focus managers, auditors, and other parties to be involved in securing data under the mobile environment.
  18. The trend for globalization has increased insider risk in multinational operating environments, especially when these environments lack guidance on how to protect against insider threats. Current research studies lack validity in international environments. Also, globalization complicates the issue of trust, and the technology and business process collaboration The insider risk regarding virtual work environment is increased as many organizations still use and rely on policies and manual controls to review user administration, segregation of duties, etc. However, the issue is that there are a lack of tested and practical strategies to minimize insider threat for these ‘cloud-based’ work environments.
  19. Managing insider threat should be a priority, especially for C-suite executives when they are the one responsible to institute a security conscious tone at the top – There are best practicses guidelines and various managing strategies which small to large organizations can use to establish policies and control procedures to address the risk factors. This concludes my presentation Thanks for listening