INTERNAL RISKS AND THREATS
Security Breaches
Hackers vs Insiders
• 2005 survey done by the U.S. Secret Service in conjunction with CERT
• The survey shows that of the insiders who cause security breaches, 59 percent were former employees or former contractors. Of those, 48 percent had been fired, 38 percent had resigned and 7 percent had been laid off.
• Witiger.com > http://itmanagement.earthweb.com/career/article.php/3595456
Agenda
Identify the Risk
Influencing Environment
Measuring Risks
• Definitions
• Who is affected? What can happen?
• The environments
• How do the environments affect the risks?
• What are the measures to deal with the risks?
• How to handle risks and consequences to..
• Customers and 3rd party affiliates
Opinions
Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
What is Internal Threat?
in·ter·nal [in-tur-nl]
–adjective
1. situated or existing in the interior of something; interior
threat (thrět)
n.
1. An expression of an intention to inflict pain,
injury, evil, or punishment.
2. An indication of impending danger or harm.
3. One that is regarded as a possible danger; a
menace.
Internal + Threat
• In terms of business, internal threats expose the business, making it vulnerable
• CAUSE:
• Active employee
• Ex-employee
• Third party
Internal Threats
• Not easy to find information and examples makes vulnerabilities public knowledge
• Weakens investor confidence
• If a deposit-taking institution, may cause a “run on the bank”
• Makes the company look bad in the public eye
• Negative PR = NOT GOOD
Who is affected?
• Customers
• The business
• Third Party
What can Happen?
• Lost profits
• Lost market share
• Lost investor confidence
• Negative PR
Influencing Environments
o Economic Environment
o Competitive Environment
o Political Environment
o Social/Cultural Environment
o Technological Environment
Economical and Competitive
• 3rd party
• Outsourcing – cut costs
• Cut corners
• Former Employee
• Former Employees – economic
• Some employees are enticed (sometimes by their new employers) to use their old company passwords and inside information to acquire confidential information
Social and Cultural
• Former Employees
• Who have some grudge against the company (for being laid off or fired, maybe) and have malicious intentions of creating a situation adverse to business operations
Political
• Legislation related to client information retention
• CSB investors victimized
• Sponsorship Scandal
Technological
• Hard to keep up with in order to prevent threats
• “Vishing”
What are the measures to deal with the risks?
• Train and educate employees
• Having a security system
• Contracts
4. Future Circumstances
• Coke will be reviewing its security measures currently in place
• Competition is becoming fierce, not all companies can be expected to act like Pepsi and do the right thing
Ability to Handle Internal Threats
• Spread the info amongst a few employees
• Employees are assigned a level based on their position in the company.
• All sensitive info is also assigned a level
• Only high-level employees can see highly confidential information.
• Intranet
• Removing access (passwords) a day before termination
Handling Third Parties
• Companies have a disclaimer when using a third party.
• To inform the customer that the offer or service is from another company
What have we learned?