Transcript Slide 1
INTERNAL RISKS AND THREATS
Security Breaches
Hackers vs Insiders
2005 survey done by the U.S. Secret Service in conjunction with CERT
The survey shows that of the insiders who cause security breaches, 59 percent were former employees or former contractors. Of those, 48 percent had been fired, 38 percent had resigned and 7 percent had been laid off.
Witiger.com
http://itmanagement.earthweb.com/career/article.php/3595456
Agenda
Identify the Risk
Influencing Environment
Measuring Risks
• Definitions
• Who is affected? What can happen?
• The environments
• How do the environments affect the risks?
• What are the measures to deal with the risks?
• How to handle risks and consequences to...
• Customers and 3rd party affiliates
Opinions
Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Slide 3 of 19
What is Internal Threat?
in·ter·nal [in-tur-nl]
–adjective
1. situated or existing in the interior of something; interior
Slide 4 of 19
threat (thrět)
n.
1. An expression of an intention to inflict pain, injury, evil, or punishment.
2. An indication of impending danger or harm.
3. One that is regarded as a possible danger; a menace.
Slide 5 of 19
Internal + Threat
In business terms, internal threats expose the business, making it vulnerable
CAUSE:
Active employee
Ex-employee
Third party
Slide 6 of 19
Internal Threats
Not easy to find information and examples
makes vulnerabilities public knowledge
Weakens investor confidence
If a deposit-taking institution, may cause a “run on the bank”
Makes the company look bad in the public eye
Negative PR = NOT GOOD
Slide 7 of 19
Who is affected?
Customers
The business
Third Party
Slide 8 of 19
What can Happen?
Lost profits
Lost market share
Lost investor confidence
Negative PR
Slide 9 of 19
Influencing Environments
o Economic Environment
o Competitive Environment
o Political Environment
o Social/Cultural Environment
o Technological Environment
Slide 10 of 19
Economical and Competitive
3rd party
Outsourcing – cut costs
Cut corners
Former Employee
Former Employees – economic
Some employees are enticed (sometimes by their new employers) to use their old company passwords and inside information to acquire confidential information
Slide 11 of 19
Social and Cultural
Former Employees
Who have some grudge against the company (for being laid off or fired, maybe) and have malicious intentions of creating a situation adverse to business operations
Slide 12 of 19
Political
Legislation related to client information retention
CSB investors victimized
Sponsorship Scandal
Slide 13 of 19
Technological
Hard to keep up with in order to prevent threats
“Vishing”
Slide 14 of 19
What are the measures to deal with the risks?
Train and educate employees
Having a security system
Contracts
Slide 15 of 19
4. Future Circumstances
Coke will be reviewing its security measures currently in place
Competition is becoming fierce, not all companies can be expected to act like Pepsi and do the right thing
Slide 16 of 19
Ability to Handle Internal Threats
Spread the info amongst a few employees
Employees are assigned a level based on their position in the company.
All sensitive info is also assigned a level
Only high-level employees can see highly confidential information.
Intranet
Removing access (passwords) a day before termination
Slide 17 of 19
Handling Third Parties
Companies have a disclaimer when using a third party.
To inform the customer that the offer or service is from another company
Slide 18 of 19
What have we learned?
Slide 19 of 19