internal risk s and threats

Security BreachesHackers vs Insiders

2005 survey done by the U.S. Secret Service in conjunction with CERT

The survey shows that of the insiders who cause security breaches, 59 percent were former employees or former contractors. Of those, 48 percent had been fired, 38 percent had resigned and 7 percent had been laid off.

Witiger.com> http://itmanagement.earthweb.com/career/article.php/3595456

3Slide 3 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007

Agenda


What is Internal Threat?

in·ter·nal [in-tur-nl] Pronunciation Key

–adjective 1. situated or existing in the interior of

something; interior


threat (thrět) n. 1. An expression of an intention to

inflict pain, injury, evil, or punishment.

2. An indication of impending danger or harm.

3. One that is regarded as a possible danger; a menace.


Internal + Threat

In terms of business Internal threats expose the business making it vunerable

CAUSE: Active employee Ex-employee Third party


Internal Threats

Not easy to find information and examples makes vulnerabilities public knowledge Weakens investor confidence If deposit taking institution may cause

“run on the bank” Makes the company look bad in the

public eye Negative PR = NOT GOOD


Who is effected?

Customers

The business

Third Party


What can Happen?

Lost profits Lost market share Lost investor confidence Negative PR


Influencing Environments

o Economic Environment o Competitive Environment o Political Environment o Social/Cultural Environment o Technological Environment


Economical and Competitive 3rd party

Outsourcing – cut costs Cut corners

Former Employee Former Employees – economic some employees are enticed,

(sometimes by their new employers) to use their old company passwords and inside information to acquire confidential information) to use their old company


Social and Cultural

Former Employees Who has some grudge against company

(for being laid off or fired maybe) and have malicious intentions in creating a situation adverse to business operations)


Political

Legislature related to client information retention

CSB investors victimized

Sponsorship Scandel


Technological

Hard to keep up with in order to prevent threats

“Vishing”


What are the measures to deal with the risks? Train and educate employees Having a security system Contracts


4. Future Circumstances

Coke will be reviewing its security measures currently in place

Competition is becoming fierce, not all companies can be expected to act like Pepsi and do the right thing


Ability to Handle Internal Threats Spread the info amongst a few

employees Employees are assigned a level based

on their position in the company. All sensitive info is also assigned a level Only high level employee’s can see highly

confidential information. Intranet Removing access (passwords) a day

before termination


Handling Third Parties

Companies have a disclaimer when using a third party. To inform the customer that the offer or

service is from another company


What have we learned?

internal risk s and threats

Documents

student project

confidential information

internal threatsnot

business operationsslide

old company passwords

security systemcontractsslide

political legislature

old companyslide