identityautomation
Introductions
Troy Moreland - Founder & CTO
Josh Orum - Marketing
James Orrange - Enterprise Sales
Eric Capistran - Enterprise Sales
Mitigation Steps
● Define risks
● Prioritize risks
● Recommend controls
● Prioritize control actions
● Select controls
● Implement control actions
● Review and refine control actions
Identify Threats and Define Controls
Columns: (1) Risk | (2) Risk Level | (3) Recommended Controls | (4) Action Priority | (5) Selected Controls | (6) Required Resources | (7) Responsible Team/Person | (8) Start Date/End Date | (9) Maintenance Requirement/Comments

(1) Risk: Unauthorized users can telnet to XYZ server and browse sensitive data
(2) Risk Level: High
(3) Recommended Controls:
- Disallow inbound telnet
- Disallow world access to sensitive company files
- Disallow the guest or assign hard-to-guess password
(4) Action Priority: High
(5) Selected Controls:
- Disallow inbound telnet
- Disallow world access
- Disallow guest
(6) Required Resources: 10 hours to reconfigure and test the system
(7) Responsible Team/Person: John Doe, XYZ server admin; Jim Smith, firewall admin
(8) Start Date/End Date: 9-1-2010 to 9-2-2010
(9) Maintenance Requirement/Comments:
- Perform periodic system review and testing to ensure adequate security
“According to a report from the Identity Theft Resource Center the number of data breaches in 2014 increased 27.5 percent over the previous year.”

“In a recent USA Today article, Michael Bruemmer, vice president of consumer protection at credit information company Experian Consumer Services, pointed to a relatively unknown breach in Korea where a worker at the Korea Credit Bureau hacked into a database and stole 27 million records containing personal and credit card information.”

“JPMorgan Chase & Co., which has racked up more than $36 billion in legal bills since the financial crisis, is rolling out a program to identify rogue employees before they go astray, according to Sally Dewar, head of regulatory affairs for Europe, who’s overseeing the effort. Dozens of inputs, including whether workers skip compliance classes, violate personal trading rules or breach market-risk limits, will be fed into the software.”

Verizon 2014 Data Breach Investigations Report:
"61% of breaches were direct hacking
- Targeting individual accounts (Passwords hacked, privileges gained for authorized access)"
“18% of incidents were insider misuse:
- Inappropriate or malicious use of privileges”

“89% of employees retained access to at least one app from a former employer”
“66% had access to corporate data via cloud apps after they left the company”
“45% retained access to ‘confidential’ or ‘highly confidential’ data”
“49% logged into an account after leaving the company”

Insider Threats Risks
● Lack of access governance
● Manual identity provisioning/de-provisioning
● Existing access never removed
● Access campaigns too cumbersome
● Too many passwords and complex policies
● Limited use of multi-factor authentication
● Too many back door accounts
● ...

Columns: (1) Risk | (2) Risk Level | (3) Recommended Controls | (4) Action Priority | (5) Selected Controls | (6) Required Resources | (7) Responsible Team/Person | (8) Start Date/End Date | (9) Maintenance Requirement/Comments

(1) Risk: Manual identity provisioning/de-provisioning
(2) Risk Level: High

(1) Risk: Existing access never removed
(2) Risk Level: High

Columns: (1) Risk | (2) Risk Level | (3) Recommended Controls | (4) Action Priority | (5) Selected Controls | (6) Required Resources | (7) Responsible Team/Person | (8) Start Date/End Date | (9) Maintenance Requirement/Comments

(1) Risk: Manual identity provisioning/de-provisioning
(2) Risk Level: High
(3) Recommended Controls:
- Implement automated identity lifecycle management solution
(4) Action Priority: High

(1) Risk: Existing access never removed
(2) Risk Level: High
(3) Recommended Controls:
- Implement access certification campaigns
- Implement time-based access certification
(4) Action Priority: High

...

[Diagram labels: Profiles, Groups, Accounts, Self Service, Passwords, Integration, Authentication, Federation, Single Sign-On, Entitlements, Requests, Roles, Certification, Policy, Delegation, Access, Privileged, Intelligence, Compliance, Identity Administration, Identity Governance, Text Files, Database, Directory, Email, Cloud App APIs, Endpoints, Elevated, Linked, Shared, Reconciliation, Analytics, Correlation, Events, Tracking, Reporting, Risk]
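
Columns: (1) Risk | (2) Risk Level | (3) Recommended Controls | (4) Action Priority | (5) Selected Controls | (6) Required Resources | (7) Responsible Team/Person | (8) Start Date/End Date | (9) Maintenance Requirement/Comments

(1) Risk: Manual identity provisioning/de-provisioning
(2) Risk Level: High
(3) Recommended Controls:
- Implement automated identity lifecycle management solution
(4) Action Priority: High
(5) Selected Controls:
- Implement automated identity lifecycle management solution
(6)-(7) Required Resources / Responsible Team/Person:
RapidIdentity
- Sysadmins
- Identity Specialists
- CSO, CIO

(1) Risk: Existing access never removed
(2) Risk Level: High
(3) Recommended Controls:
- Implement access certification campaigns
- Implement time-based access certification
(4) Action Priority: High
(5) Selected Controls:
- Implement time-based access certification
(6)-(7) Required Resources / Responsible Team/Person:
RapidIdentity
- Sysadmins
- Identity Specialists
- CSO, CIO

...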
Action Items
Next 30 Days
❏ Download this presentation
❏ Identify Insider Threats
Next 60 Days
❏ Define Controls to Mitigate Insider Threats
Within 6 Months
❏ Implement Control Actions (RapidIdentity)