Survey - Add IAM to Improve Security
Uploaded by mcollins. Category: Data & Analytics
Survey Results: IT Security Executives
• Survey conducted in March 2014 by Courion
• At companies of 500+ employees, all geographies
• Polled over 4,000 IT security executives
• Response rate of 3 percent
IT Security Executives are Not Getting Much Sleep Lately . . .
78% are Anxious About a Possible Breach . . .
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
With Good Reason: Breaches are on the Rise
Source: Risk Based Security, Open Security Foundation, February 2013
Source: PWC Global State of Information Security Survey, 2014
In Case You Need More Convincing . . .
IT Security Executive Becomes Brand Champion
IT Security Executive: the New Front Line for the Brand
If a breach occurred to your organization, what do you fear most?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Aware of Possible Negative Media Fallout from a Breach
They Understand a Breach Could Damage Reputation
And Have a Material Effect on Stock Price
IT Security Executive as Key to Customer Privacy
They Know Job #1 is Protection of Customer Data
What is your #1 goal in addressing a significant security breach?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
2014 IT Security Priorities: Employee Education + Better Access Management
What do you feel should be the top security priority within your organization in 2014?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Research Agrees on Need to Focus on Inside Threat:
Privilege Abuse Cited in 88% of Insider Misuse Cases
Source: Verizon Data Breach Investigations Report 2014
Top 10 Threat Action Varieties Within Insider Misuse
So While Identity Management is Top of Mind for IT Security
Source: 451 Group
Employee Indifference May be a Challenge
Perhaps Not All Stakeholders Take Security Seriously
Do you feel each of these stakeholders takes preventing security breaches seriously:
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Access Privileges Must Be Proactively Controlled, Abandoned Accounts Eliminated
Recommended Controls for Insider & Privilege Misuse - Verizon DBIR 2014
• Know your data and who has access to it
• Review user accounts
• Watch for data exfiltration
• Publish audit results
Source: Verizon Data Breach Investigations Report 2014
So What Can You Do? Make Identity & Access Management part of Your Security Strategy
Improve Security with Identity & Access Management
Source: SANS.org
Recommendations for Access Control:
Visa Data Security Alert, August 2013
• Create segregation of duties (SoD) policies between payment and non-payment application access
• Apply access control lists segmenting public-facing and backend database systems
• Assign strong passwords to prevent application modification
• Implement least privileges and access control lists on users and applications
• Limit administrative privileges on users and applications
• Use intelligence to analyze and uncover malicious behavior
Source: VISA Data Security Alert August 2013 http://usa.visa.com/download/merchants/Bulletin__Memory_Parser_Update_082013.pdf
Thank You.
To Learn More: 866.Courion
Improve Security with Identity & Access Management