People, Process and Technology Andy Papadopoulos.

People, Process and Technology
Andy Papadopoulos

Fighting Fraud
Go after low hanging fruit – start with the most sensitive data and the areas where they are vulnerable - then work outwards
Leverage existing investments in Microsoft technologies
Implement Scorecards and Monitoring

Today’s Information Challenge
More than 80% of an enterprise's digitized information resides on individual hard drives and in personal files, and 80% of the data is unstructured, not secure and not backed up.
Individuals hold the key to the knowledge economy, and most of it is lost when they leave the enterprise
Employees get 50%-75% of their relevant information directly from other people
Source: Gartner Group/CIBC World Markets

Confidentiality: Ensure privacy of user information and transmission
Integrity: Ensure accuracy of data and data processing
Availability: Maximize functionality and uptime
Trust: Confidence to transact

Workplace E-mail Stats
Emails per day (%) | 100+ | ≥50 | 31-49 | Weighted Total
Estimate the percentage email increase in the past 12 months (2002-3) | 21 | 18 | 10 | 16
In your opinion, is email communication at your workplace out of control?
No | 0 | 27 | 58 | 35
Potentially | 14 | 20 | 17 | 21
Yes | 86 | 53 | 25 | 44
Should elimination of bad email habits be a corporate responsibility?
Yes | 90 | 86 | 67 | 78
No | 10 | 6 | 3 | 9
Don’t know | 0 | 7 | 29 | 13
Christina Cavanagh, Professor, Richard Ivey School of Business

Keeping it Confidential
Don’t add layers …. Users won’t use them
Take advantage of tools already in place with the interfaces they are already used to
Information Rights Management

Common ‘problems’ with data
Common agreed definitions (shared context) lacking
Inconsistent definitions across applications
Manual transformations and analysis
Manual Audit Trails
Poor Data Quality
Poor Connectivity from applications to resources
One Way Data Traffic (errors not corrected at the source)

What does FINE mean?
“Don’t worry everything is Fine”
How do I get the validation I need?
Make use of dashboards and scorecards
Service Level Reporting

The Identity Lifecycle
New User: User ID Creation, Credential Issuance, Access Rights
Account Changes: Promotions, Transfers, New Privileges, Attribute Changes
Password Mgmt: Strong Passwords, “Lost” Password, Password Reset
Retire User: Delete/Freeze Accounts, Delete/Freeze Entitlements

Identity Business Impact
24% lower productivity
  End user spends 16 minutes a day logging in to various systems
  Provisioning new users takes 28 hours longer than business requirements
Increased IT Operational Costs
  Roughly 48% of help desk calls are password resets ($45-$153 each)
  User management consumes 5.25% of all IT productivity
  Most admin tasks (moves, adds, changes) take 10x longer than necessary
23% additional security risks
  Only 70% of users deleted on departure
  New users provisioned to 16 apps, on departure deleted from 10
A survey of over 600 organizations concluded that the average cost impact of security breaches on each organization alone is over $972K*
Source: Metagroup/PwC Survey 2002, * CSI/FBI Survey

It’s a Virtual World …
The fine balance between keeping safe and allowing employees to do their jobs.
Workforce is mobile
Laptops are everywhere

Mobile Workforce: Why We Need Quarantine
[Diagram labels: Internal Network, Remote Access Server, Internet, Mobile Laptop, Home Machine, VPN Connection, Dialup, Cable Modem or DSL]

Internet and PC Usage Policy
“I didn’t know I couldn’t sell stuff on ebay 4 hours a day ….”
Put it in writing, keep it current, make it part of your HR process.

Microsoft Best Practice Tools
Microsoft Baseline Security Analyzer
Exchange Best Practice Analyzer
SQL Best Practice Analyzer
Validates that your installation and configuration are done to best practice guidelines

Microsoft Security Assessment Tool
Free tool to drive security awareness around people, process and technology
Download from: www.securityguidance.com

A Layered Approach to Compliance
Engages the entire business for success
Allows for the allocation of controls outside of IT
Layers:
  Legislation
  Policies
  Procedures
  Physical Controls
  Application Features
  Inherent System Capabilities

A Layered Approach to Security
Policies, Procedures, & Awareness: Documented Process and User Education!
Physical Security: Guards, locks, tracking devices
Perimeter: Firewalls, VPN quarantine
Internal Network: Network segments, Isolation
Desktop and Servers: OS hardening, patch management, authentication
Applications: Application hardening, antivirus
Data: Access controls, data encryption

Discovery Session Offer
1-2 day offer from Office Systems Team
Makes use of scorecards and collaboration
Show you how you can use tools to better communicate/collaborate/share
Show accountability to stakeholders
[email protected]@legendcorp.com

Summary
Leverage investments already made with Microsoft Technology
Make use of scorecards and monitoring systems to ensure things really are FINE