Date posted: 14-Jul-2015
Category: Technology
Upload: infinit-innovationsnetvaerket-for-it
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
The Insider Threat
• The conscious:
– The disgruntled employee
– The opportunist
– The idealist
– The fundamentalist
• The mindless:
– Want to do their job
– Want to be helpful
– Pure negligence
• The compromised:
– Malware, APT, Virus, exploits etc.
– Social Engineering
Protection
[Diagram labels: User & Access Mgt., Infrastructure, Content, INFO, Protection]
Source: Ken Willén
Management
[Diagram labels: Execution, Competencies, Procedures & Processes, Insight, User & Access Mgt., Infrastructure, Content, INFO, Protection, Management]
Source: Ken Willén
Business
[Diagram labels: Compliance, Execution, Competencies, Procedures & Processes, Insight, User & Access Mgt., Infrastructure, Content, INFO, Protection, Management, Business]
Source: Ken Willén
Protection and Insider Threats
[Diagram labels: User & Access Mgt., Infrastructure, Content, INFO, Protection, Maturity and requirements]
Source: Ken Willén
What to do?
[Diagram labels: Compliance, Execution, Competencies, Procedures & Processes, Insight, User & Access Mgt., Infrastructure, Content, INFO, Protection, Management, Business]
Source: Ken Willén
All types of attacks misuse Identities!
• Insider attacks
• Accidental disclosures
• Hackers
• Targeted Attacks
Focus on the basics
Identity, Access & Security together
• Enforce access controls
• Monitor user activity
• Minimize rights
Balanced Risk Appetite
• Identity Management: Least Privileged
• Access Management: Policy Enforcement
• Security Monitoring: User Control
[Scale labels: Minimal Risk Appetite, Accepted Risk Appetite]