How are your company's defenses? Don't forget to tend to them as you run and grow your business!
Tonight I read the 2010 CyberSecurity Watch Survey. "The 2010 CSO CyberSecurity Watch Survey was sponsored by Deloitte and conducted in 2009 in collaboration with CSO Magazine, the U.S. Secret Service, and the CERT Coordination Center at Carnegie Mellon."
The report hit close to home because in the past 30 days we have:
· begun projects with several firms that have had web sites targeted and attacked;
· helped a firm manage a longstanding employee out of the organization because he had "quit and stayed": he took an offer from a competitor while continuing to "work", exploring the confidential information available to him and downloading it; and
· developed an incident handling and forensic process for a large Software as a Service (SaaS) provider.
The report is a quick read (16 pages). I suggest you dive into it and then use it to talk to your HR and IT management to make sure you are properly protected.
Understand the common threats to your business and think about how to prevent them, detect them and respond to them before they occur.
Threat models are commonly used in information security analysis to illustrate the potential for risks to impact an organization. A threat model describes the characteristics of a given threat and the harm it could do to a vulnerable system.
If we do a project where we identify threat scenarios we'll go into detail. At a simple level we'll identify the pieces of each threat scenario, including the actor (WHO), the action (HOW), the motivation (WHY), the vulnerability exploited (think WEAKNESS) and the potential impact (think DAMAGE).
We do not address the probability of these events occurring, which in most cases is impossible to predict accurately.
Over your morning coffee run through these common scenarios and ask yourself how they would impact you:
A trusted employee decides to:
· Download unauthorized software from the Internet which contains a Trojan horse or other malicious software.
· Disable antivirus scanning prior to the download of an emailed MS Office document.
· Transfer information from a third-party computer to their work computer, bringing a virus or other malicious software into the company.
· Copy data from the network onto any of a number of portable memory devices and steal it undetected.
A disgruntled employee decides to retaliate against your company:
· With knowledge of the backup tape courier routine, the tape drop-off is intercepted and the information contained on the tapes is used to attack your company's reputation or for material gain.
· Data is copied from the network onto any of a number of portable memory devices and stolen undetected.
A former employee decides to retaliate against your company:
· With a haphazard termination process, the former employee uses his/her still active network access and credentials to damage or steal information from an outside location.
· With a haphazard termination process, the former employee gains access to a company facility and uses his/her still active network credentials to damage or steal information from an outside location.
An authorized visitor, an unauthorized visitor or an intruder penetrates one of your company's facilities and:
· Unchallenged as they walk the floors of the facility, they exploit targets of opportunity such as unlocked, unattended systems, backup tapes left unsecured awaiting courier pickup, etc.
A third-party caretaker of your company information has a security incident. While that incident may not impact your company network, your company has no controls to prevent that incident from impacting your company at a business level.
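The former-employee scenario above (WHO: a former employee; WEAKNESS: a haphazard termination process that leaves credentials active) is one of the easiest to detect after the fact: compare HR's offboarding list against the authentication log. The script below is an added example, not part of the original post; the termination list, the log format and the log lines are all constructed for illustration.

```python
"""Offboarding gap check: flag successful authentications by terminated
users on or after their termination date (constructed sample data)."""
from datetime import datetime
import re

# Constructed HR offboarding list (hypothetical): username -> termination date.
TERMINATED = {
    "jdoe": "2010-03-01",
    "asmith": "2010-03-10",
}

# Constructed authentication log in a simple syslog-like format (hypothetical).
AUTH_LOG = """\
2010-03-02T08:15:00 auth user=jdoe result=success src=203.0.113.7 via=vpn
2010-03-02T09:00:00 auth user=bwhite result=success src=10.0.0.12 via=lan
2010-03-09T23:40:00 auth user=asmith result=success src=10.0.0.33 via=lan
2010-03-12T01:05:00 auth user=asmith result=failure src=198.51.100.9 via=vpn
2010-03-12T01:06:00 auth user=asmith result=success src=198.51.100.9 via=vpn
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) result=(?P<result>\S+) "
    r"src=(?P<src>\S+) via=(?P<via>\S+)$"
)

def parse_auth_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events

def find_stale_access(events, terminated):
    """Return (user, timestamp, src, via) for every successful login by a
    terminated user on or after the termination date. Any hit means the
    account was not disabled as part of offboarding; failed attempts are
    ignored here but would be worth alerting on separately."""
    hits = []
    for ev in events:
        end = terminated.get(ev["user"])
        if end is None or ev["result"] != "success":
            continue
        if ev["ts"] >= datetime.fromisoformat(end):
            hits.append((ev["user"], ev["ts"].isoformat(), ev["src"], ev["via"]))
    return hits

if __name__ == "__main__":
    for hit in find_stale_access(parse_auth_log(AUTH_LOG), TERMINATED):
        print("stale access:", *hit)
```

Run against a real directory's authentication log, the same check also tells you how long after termination each account stayed usable, which is the metric to give HR and IT when tightening the offboarding process.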