Tuesday, March 20, 2012

Top 10 Internal Threat CERT 2012

Dawn Cappelli, technical manager at Carnegie Mellon University's CERT Insider Threat Center, spoke at the RSA conference in San Francisco on the best ways to stop insider data breaches.
Create clear security policies such as: "If you get caught, we log everything that everyone does here, and the evidence is going to point to you."
Here are two of Cappelli's top 10 ways to stop insider breaches.
  • Protect crown jewels first
    To put an effective insider-threat program in place, first ask: What's the single most important piece of information in your company? Then secure it, preferably not just with encryption, but also by restricting access, as well as logging and monitoring who touches that data.

  • Train employees to resist recruiters
    Many employees who commit fraud are recruited from outside, and insiders often say that they're not committing a crime, but rather just giving data to someone else, who then commits a crime. Alter such thinking by creating clear, related security policies such as: "If you get caught, we log everything that everyone does here, and the evidence is going to point to you."
Sources:
(a) 10 Best Ways To Stop Insider Attacks - InformationWeek, March 13, 2012


Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.
