Insider Threat - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Title: Insider Threat


1
Insider Threat
  • Toronto
  • 22 February 2006

2
Problem Statement
  • Insider
  • Person that works inside an organization
  • Employees
  • Permanent
  • Temporary
  • Co-op
  • Contractors
  • Partners
  • Support Personnel

3
Problem Statement
  • The Threat
  • There is a lot of evil PEOPLE out there and they
    all want to get us
  • If they are out there we are OK Inside,
  • Security for Real Dummies by Dilbert

4
The Reasonable Threat: People
  • Glory Seeker
  • Vendetta: Disgruntled Employees and Others
  • The Curious and the Incompetent
  • The Greedy
  • Management

5
The Carl Bond School of Management

6
Threat
  • Threats are meaningless until they are qualified
    as risks
  • We know what the story is, why do we care?
  • Money
  • Time
  • Bandwidth
  • Image

7
Back to the Problem and the Solutions
  • Know the What and Why
  • Know your assets
  • Network structure, its components
  • The geography of your organization
  • The nature of the Data and its value
  • Know the operational and processing needs
  • Know your legal requirements (PIPEDA, SOX, ...)

8
You Will Need to Succeed
  • Know your Governance structure and GET MANAGEMENT
    BUY-IN
  • WHY
  • You will need their Money
  • You will need their Support and,
  • Most of all you will need somebody to wear the
    unpopular decisions

9
Now you are Ready for Action
  • Establish a Usage Policy and publish it
  • Start working on the basics while you attack your
    high risk areas
  • Use your account management and networking tools
    to organize data access
  • Ensure logging and proper log review
  • Introduce proper entry and departing processes
    for employees
  • Ensure that standard security measures are in
    place

10
Get more technical
  • Introduce data protection for traveling staff
  • Encryption
  • OTP token
  • Introduce end point controls (USB, FW, drives)
  • If you have the money, deploy tracking and
    profiling tools

11
Be in the loop
  • Don't let your MANAGEMENT leave you behind
  • Track the tricks of the trade

12
Elytra: Who Are We?

13
Elytra Professional Services
  • Access Control
  • Access Authentication
  • Application Systems Development
  • Vulnerability Management
  • Business Continuity
  • Cryptography
  • Network Security
  • Operations Security
  • Architecture
  • Security Management Practices
  • Change Auditing
  • Law, Investigation & Ethics
  • Intrusion Prevention
  • Removable Storage Devices
  • Software Encryption
  • Hard Drive Encryption
  • Device Control Auditing

14
Take the 1st Step!!
  • Download the Safend Auditor at
    http://www.safend.com/
  • Auditor performs a client-less scan of your
    selected domain and generates a report indicating
    what is connected today to the scanned PC(s) or
    has been in the past!
  • It's Free!

15
Thank You for Attending!
  • Carl Bond carl.bond_at_elytra.com
  • Paul Vaillant paul.vaillant_at_elytra.com
  • 613.746.0762