Download pptx - MS810 Information Security and Ethics Assignment

Transcript
  • 1. OVERVIEW News stories every day exposure of private companyinformation Not advanced technology or genius hackers but Human Beings, Being Human 2

2. RISKS STEMMING FROM A. Careless Use Of E-Mail B. Other Aspects of Human Error 3. A. CARELESS USE OF EMAIL1. Employee Vulnerablility to Spear Phishing AttacksFraudulent email intent on gaining data/information - much more focusedthan traditional PhishingExample: 2008 District Court Subpoena ScamSolutions: Education Messaging Intelligence Phishing Filter Avoiding Embedded Links Increased Sensitivity of Spam Filters4 4. A. CARELESS USE OF EMAIL2. Use of Company Account for Personal Use (and Vice-Versa)Lack of distinction between the company account and personalaccount can lead to embarrassing or disastrous consequencesExample: Anonymous - Sarah Palin, 2008Solutions: Policy of separate accounts for personal andwork use Ban on internal chain mail on companyaccounts If absolutely necessary to use personalaccount for work purposes, encryption mustbe used 5 5. A. CARELESS USE OF EMAIL3. Avoidable Loss of Old E-mailsIts often assumed that once an e-mail is stored in an account that it issafe forever.However e-mail accounts can crash leading to loss of all data whichhasnt been backed up.Example: G-Mail Mishap, 2006Solutions: Manual e-mail backup on cd/storage device withstrict back up schedule. Purchase of automated backup software to takecare of backups automatically6 6. A. CARELESS USE OF EMAIL4. Mis-use of the Reply All ButtonOne of the most common mistakes made by individuals regarding e-mail error which can result in sensitive or embarrassing informationbeing sent to unintended recipients.Example: LA Police Dept. Controversy, 2012Solutions:Many e-mail providers offer a number of preventativemeans,e.g. Outlook: Option to remove Reply All button Option of 30 second lag on all e-mails Option of an alert warning the user that Reply All has been selected 7 7. A. CARELESS USE OF EMAIL5. Over-Dependence on E-mail (especially for discussion ofsensitive info)E-mail is often seen as an easy way out communication tool providing aquick fix. The short term relief, however, does not outweigh the potentialproblems including clogging of internal email systems.Also problematic is the use of e-mail for sensitive corrospondence moresuited to aNavio Computers to face meeting. System,Example: phone call or face Clogged Email2011Solutions: Ban on unnecessary internal e-mails Alternative cloud-based collaboration tools FtF meetings and phone calls to discuss sensitiveinfo Encryption if sensitive info MUST be sent via e-mail 8 8. B. OTHER ASPECTS OF HUMAN ERROR1. Loss Of Laptop/Other Device (Containing Unencrypted Data)Theft/Loss of a computer or other data storage medium made up 35%of all data breaches in 2012. Such theft/loss can cost a companyhugely in monetary terms as well as image, competitive advantage andconsumer trust.Example: Dept. of Veteran Affairs Database Theft, 2006Solutions: Education of employees around device and passwordsecurity Immediate notification of loss or theft Encryption of all sensitive company data/info Device Management Consoles monitor, set , enforcepolices & remotely wipe devices 9 9. B. OTHER ASPECTS OF HUMAN ERROR2. Failure To Erase Data When No Longer Required/PermittedIt is generally good practice to destroy old info/data that is no longerrequired, to free up disk space.More importantly, many sectors are governed by laws prohibiting retentionof certain info after a specific time period.Example: Affinity Health Care Digital Copier Mishap,2010Solutions: Policies regarding deletion of old emails, messages, call logs & files Strict reviews of data on all devices on regular continual basis Education of staff around safe destruction of old data Device Management Consoles (again) for remote wiping of lost/stolen devices10 10. B. OTHER ASPECTS OF HUMAN ERROR3. Sharing of User Account Details and PasswordsPassword sharing - convenient & cost saving in relation to certainsystems.Can widen potential for unauthorised access, especially when peopleleave the company.Example: Lincoln National knowing whoAffiliate into what and whenIt also prohibits mgmt from Securities logged(audit trail).Access, 2010Solutions: Assign usernames and PWs specific to individual users & grant/revoke permissions depending on what these users require Policies demanding strong PWs & mandatory routine for changing PWs PWs should be changed when duties are reassigned or employees leave11 11. B. OTHER ASPECTS OF HUMAN ERROR4. Data Theft By Employees/Former EmployeesEmployees gain access to numerous systems through their employmentincluding email accounts, HR payroll systems, etc.Often Companies do not prioritise the practice of updating user access &privileges when employees leave the company, opening the door to data theft bydisgruntled former employees.Example: Fidelity National Information Services DataTheft, 2007Solutions: Policy of updating access and privileges whenemployees leave the company Purchase of systemsto simplify the userprovisioning process 12 12. B. OTHER ASPECTS OF HUMAN ERROR5. Use of company laptops outside of work / personal laptops in theworkplaceIdeally should never use the same device for both if company laptop MUSTbe used, they should never be left unattended or connected to unsecureExample: Saudi Aramco Virus Infection, 2012networks.Solutions: Separate laptops for home and work except whenabsolutely necessary Password protection & no sharing Deletion of sensitive information when no longerneeded Restrictions of the type of data allowed outside theworkplace Encryption of all sensitive information Restrictions on connection to unprotectednetworks 13 13. B. OTHER ASPECTS OF HUMAN ERROR6. General Simple Human CarelessnessBy our nature, humans will suffer lapses in concentration or oversights.In business, carelessness like failure to double check standards or erroneouspublication of data may have disastrous consequences.Example: AOL Release of Search Data, 2006Solutions: Educationofemployeesabout theirresponsibilities regarding data security and theuse of technology to avoid data breaches Preparation & implementation of data breachpolicies and response plans14 14. CONCLUSION Data breaches not necessarily associated with new technologiesand genius hackers Reality: Many can be associated with human error Ponemon: 78% - human negligence or maliciousness Many breaches can easily be avoided Precautions can be aided by technology butold familiar security fundamentals are key: Training & Education Policies, Revisions & Analysis Data Encryption Common Sense & Sound Judgement 15


Recommended

Common Assignment 2 LDC Argumentative Essay: What Role ... · Common Assignment 2 LDC Argumentative Essay: What Role Should Ethics Play in Genetic Testing or Bio-Engineering? Table
Common Assignment 2 LDC Argumentative Essay: What Role ... · Common Assignment 2 LDC Argumentative Essay: What Role Should Ethics Play in Genetic Testing or Bio-Engineering? Table Documents
Lexmark MS810 Series Monochrome Laser Printerpublications.lexmark.com/publications/pdfs/2007/ms81x/Product... · Talk about a top performer. With blazing print speeds and multiple
Lexmark MS810 Series Monochrome Laser Printerpublications.lexmark.com/publications/pdfs/2007/ms81x/Product... · Talk about a top performer. With blazing print speeds and multiple Documents
Professional Ethics 14. Assignment Topics with materials ...kgr.ac.in/beta/wp-content/uploads/2018/09/PE-CF.pdfProfessional Ethics C.Deepika, Assistant Professor 14. Assignment Topics
Professional Ethics 14. Assignment Topics with materials ...kgr.ac.in/beta/wp-content/uploads/2018/09/PE-CF.pdfProfessional Ethics C.Deepika, Assistant Professor 14. Assignment Topics Documents
Lexmark MS810 Series Monochrome Laser Printer - CANCOMmedia.cancom.de/attachments/1/8/1835b216-31df-ea4c-a119-5336f659adbe.pdf¹ Average standard page yield value declared in accordance
Lexmark MS810 Series Monochrome Laser Printer - CANCOMmedia.cancom.de/attachments/1/8/1835b216-31df-ea4c-a119-5336f659adbe.pdf¹ Average standard page yield value declared in accordance Documents
FIN 370 Week 2 Team Assignment Ethics and Compliance Paper.docx
FIN 370 Week 2 Team Assignment Ethics and Compliance Paper.docx Documents
MANPOWER-PROFILE.pdfprofessional ethics, honesty and trust. ... POST ASSIGNMENT SERVICE ... AL HUDA CONTRACTING COMPANY LLC. UTCO ALEC PILOG
MANPOWER-PROFILE.pdfprofessional ethics, honesty and trust. ... POST ASSIGNMENT SERVICE ... AL HUDA CONTRACTING COMPANY LLC. UTCO ALEC PILOG Documents
Veteran’s Day Maj. Ian Irmischer Mapping in the US Army Ethics and Mapping Tweetmap assignment
Veteran’s Day Maj. Ian Irmischer Mapping in the US Army Ethics and Mapping Tweetmap assignment Documents
Business Ethics - Pc-Freak...Business Ethics EBEBEH1A.4 “British Petrol” British Petrolium – “Deepwater Horizon oil spoil” Group Assignment, Prepared By: Georgi Georgiev
Business Ethics - Pc-Freak...Business Ethics EBEBEH1A.4 “British Petrol” British Petrolium – “Deepwater Horizon oil spoil” Group Assignment, Prepared By: Georgi Georgiev Documents
Assignment in Ethics
Assignment in Ethics Documents
Assignment Ethics
Assignment Ethics Documents
business ethics assignment
business ethics assignment Documents
Coaching Philosophy & Ethics module · the social media questions. Coaching Philosophy and Ethics Philosophy and Ethics E-Book Assignments. Coaching Philosophy & Ethics!37 Assignment
Coaching Philosophy & Ethics module · the social media questions. Coaching Philosophy and Ethics Philosophy and Ethics E-Book Assignments. Coaching Philosophy & Ethics!37 Assignment Documents
Lecture # 7 Ethics. In Class Assignment #3 Provide 5 Examples of How an Organization Can Act Ethically?
Lecture # 7 Ethics. In Class Assignment #3 Provide 5 Examples of How an Organization Can Act Ethically? Documents
AC4391 Accounting and Business Ethics Assignment 5 Presentation Group 4
AC4391 Accounting and Business Ethics Assignment 5 Presentation Group 4 Documents
Philosophy & Ethics E-Book - NEACA€¦ · Philosophy & Ethics E-Book Assignment 1. Complete ALL of the questions presented in this E-Book. a. Be sure that your coaching philosophy
Philosophy & Ethics E-Book - NEACA€¦ · Philosophy & Ethics E-Book Assignment 1. Complete ALL of the questions presented in this E-Book. a. Be sure that your coaching philosophy Documents
An assignment for Ethics: the Protestantism
An assignment for Ethics: the Protestantism Education
Assignment 2 ethics 16th jan 2013
Assignment 2 ethics 16th jan 2013 Documents
AMERICAN BAR ASSOCIATION COMMISSION ON ETHICS … · an assignment of an interest in ... the American Bar Association Commission on Ethics 20/20 formed a Working Group to study the
AMERICAN BAR ASSOCIATION COMMISSION ON ETHICS … · an assignment of an interest in ... the American Bar Association Commission on Ethics 20/20 formed a Working Group to study the Documents