The document outlines a risk assessment of various assets, including software, databases, hardware, networks, and human factors. It identifies inherent risks and the residual risks that remain after compensating controls. It then discusses plans to contain incidents, communicate with stakeholders, address risks through technical and third-party means, and revamp employee training. It also outlines current and enhanced network topologies. Finally, it describes a cybersecurity framework taking an "Identify-Protect-Detect-Respond-Recover" approach.
Insider Threat Final Powerpoint Prezi
4. • STAKEHOLDERS
• Internal
• External
• RISK ASSESSMENT
| Assets | Probability (P) | Impact (I) | Inherent Risk = P x I | Compensating Controls | Residual Risk |
|---|---|---|---|---|---|
| Software | Medium | High | High | Patch Management; White Listing | Medium |
| Databases | Medium | High | High | Encryption | Medium |
| Hardware | Low | Medium | Medium | Blocking External Devices | Low |
| Network | Medium | Medium | Medium | Monitoring | Low |
| Human Factor | Medium | High | High | Training & Awareness; Reporting Structure; Anti-Retaliation Policy; Open-Door Policy | Medium |
| Access Control | Medium | High | High | Least User Privileges | Medium |
6. • Background Checks/Ongoing Employee Screening
• Cyber Vetting
• Monitoring user activity
• Unauthorized use of personal devices
• Security Information and Event Management
• Policies on Confidential Reporting
• Anti-retaliation Policy
• Open-door Policy
7. Plan and Protect
• Create an Incident Response Team
Containing the Incident
• Isolate affected files or networks
• Back up files on servers and hard drives
• Remove access upon termination
Communication to Stakeholders
• Internal Stakeholders
• Business Operations
• Oversight
• Board of Directors
• External Stakeholders
• Law Enforcement
• Regulatory Agencies
8. Technical Aspect:
• Encryption
• New Intrusion Prevention Systems
• Anti-malware tools
Third Party Involvement:
• Legal and Insurance Assessments
• Notifications of Incidents to:
• S&E, FTC, FBI
Behavioral:
• Revamped Employee Training Modules
Press Involvement:
• Press Statements
• Maintains the integrity of the company
Looking Towards The Future!