internal risk s and threats
DESCRIPTION
Internal Risk s and threats. Security Breaches Hackers vs Insiders. 2005 survey done by the U.S. Secret Service in conjunction with CERT - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/1.jpg)
![Page 2: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/2.jpg)
Security BreachesHackers vs Insiders
2005 survey done by the U.S. Secret Service in conjunction with CERT
The survey shows that of the insiders who cause security breaches, 59 percent were former employees or former contractors. Of those, 48 percent had been fired, 38 percent had resigned and 7 percent had been laid off.
Witiger.com> http://itmanagement.earthweb.com/career/article.php/3595456
![Page 3: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/3.jpg)
3Slide 3 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Agenda
![Page 4: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/4.jpg)
4Slide 4 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
What is Internal Threat?
in·ter·nal [in-tur-nl] Pronunciation Key
–adjective 1. situated or existing in the interior of
something; interior
![Page 5: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/5.jpg)
5Slide 5 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
threat (thrět) n. 1. An expression of an intention to
inflict pain, injury, evil, or punishment.
2. An indication of impending danger or harm.
3. One that is regarded as a possible danger; a menace.
![Page 6: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/6.jpg)
6Slide 6 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Internal + Threat
In terms of business Internal threats expose the business making it vunerable
CAUSE: Active employee Ex-employee Third party
![Page 7: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/7.jpg)
7Slide 7 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Internal Threats
Not easy to find information and examples makes vulnerabilities public knowledge Weakens investor confidence If deposit taking institution may cause
“run on the bank” Makes the company look bad in the
public eye Negative PR = NOT GOOD
![Page 8: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/8.jpg)
8Slide 8 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Who is effected?
Customers
The business
Third Party
![Page 9: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/9.jpg)
9Slide 9 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
What can Happen?
Lost profits Lost market share Lost investor confidence Negative PR
![Page 10: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/10.jpg)
10Slide 10 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Influencing Environments
o Economic Environment o Competitive Environment o Political Environment o Social/Cultural Environment o Technological Environment
![Page 11: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/11.jpg)
11Slide 11 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Economical and Competitive 3rd party
Outsourcing – cut costs Cut corners
Former Employee Former Employees – economic some employees are enticed,
(sometimes by their new employers) to use their old company passwords and inside information to acquire confidential information) to use their old company
![Page 12: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/12.jpg)
12Slide 12 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Social and Cultural
Former Employees Who has some grudge against company
(for being laid off or fired maybe) and have malicious intentions in creating a situation adverse to business operations)
![Page 13: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/13.jpg)
13Slide 13 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Political
Legislature related to client information retention
CSB investors victimized
Sponsorship Scandel
![Page 14: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/14.jpg)
14Slide 14 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Technological
Hard to keep up with in order to prevent threats
“Vishing”
![Page 15: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/15.jpg)
15Slide 15 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
What are the measures to deal with the risks? Train and educate employees Having a security system Contracts
![Page 16: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/16.jpg)
16Slide 16 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
4. Future Circumstances
Coke will be reviewing its security measures currently in place
Competition is becoming fierce, not all companies can be expected to act like Pepsi and do the right thing
![Page 17: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/17.jpg)
17Slide 17 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Ability to Handle Internal Threats Spread the info amongst a few
employees Employees are assigned a level based
on their position in the company. All sensitive info is also assigned a level Only high level employee’s can see highly
confidential information. Intranet Removing access (passwords) a day
before termination
![Page 18: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/18.jpg)
18Slide 18 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
Handling Third Parties
Companies have a disclaimer when using a third party. To inform the customer that the offer or
service is from another company
![Page 19: Internal Risk s and threats](https://reader036.vdocuments.mx/reader036/viewer/2022062516/56812af3550346895d8ed91a/html5/thumbnails/19.jpg)
19Slide 19 of 19Student project in FSM 620; Eric H., Zac H., Rameez H. April 2007
What have we learned?