People, Process and Technology



Andy Papadopoulos
Fighting Fraud
 Go after low-hanging fruit
   - start with the most sensitive data and the areas where they are vulnerable
   - then work outwards


 Leverage existing investments in Microsoft
 technologies

 Implement Scorecards and Monitoring
Today's Information Challenge
     More than 80% of an enterprise's digitized information
     resides on individual hard drives and in personal files,
     and 80% of the data is unstructured, neither secure nor
     backed up.


     Employees get 50%-75% of their relevant
     information directly from other people


     Individuals hold the key to the knowledge
     economy and most of it is lost when they
     leave the enterprise


                     Source: Gartner Group/CIBC World Markets
 Trust: Confidence to transact
   Availability: Maximize functionality and uptime
   Integrity: Ensure accuracy of data and data processing
   Confidentiality: Ensure privacy of user information and transmission
  Workplace E-mail Stats

Emails per day (%)                              100+   ≥50   31-49   Weighted Total

Estimate the percentage email increase
in the past 12 months (2002-3)                    21    18      10       16

In your opinion, is email communication
at your workplace out of control?
  No                                               0    27      58       35
  Potentially                                     14    20      17       21
  Yes                                             86    53      25       44

Should elimination of bad email habits
be a corporate responsibility?
  Yes                                             90    86      67       78
  No                                              10     6       3        9
  Don't know                                       0     7      29       13

                                              Christina Cavanagh
                                              Professor, Richard Ivey School of Business
Keeping it Confidential

  Don't add layers ... users won't use them
    Take advantage of tools already in place with
    the interfaces they are already used to



Information Rights Management
Common 'problems' with data
 Common agreed definitions (shared context) lacking
 Inconsistent definitions across applications
 Manual transformations and analysis
 Manual audit trails
 Poor data quality
 Poor connectivity from applications to resources
 One-way data traffic (errors not corrected at the source)
What does FINE mean?

 “Don't worry everything is Fine”

 How do I get the validation I need?
   Make use of dashboards and scorecards
Service Level Reporting
The Identity Lifecycle
 New User
   User ID Creation
   Credential Issuance
   Access Rights

 Password Mgmt
   Strong Passwords
   “Lost” Password
   Password Reset

 Account Changes
   Promotions
   Transfers
   New Privileges
   Attribute Changes

 Retire User
   Delete/Freeze Accounts
   Delete/Freeze Entitlements
Identity Business Impact
 24% lower productivity
   End user spends 16 minutes a day logging in to various systems
   Provisioning new users takes 28 hours longer than business
   requirements
 Increased IT Operational Costs
   Roughly 48% of help desk calls are password resets ($45-$153 each)
   User management consumes 5.25% of all IT productivity
   Most admin tasks (moves, adds, changes) take 10x longer than necessary

 23% additional security risks
   Only 70% of users deleted on departure
   New users provisioned to 16 apps, on departure deleted from 10
   A survey of over 600 organizations concluded that the average cost impact
   of security breaches on each organization alone is over $972K*

                                           Source: META Group/PwC Survey 2002, * CSI/FBI Survey
It's a Virtual World ...
 The fine balance between keeping safe
 and allowing employees to do their jobs.

 Workforce is mobile

 Laptops are everywhere
Mobile Workforce
Why We Need Quarantine

 [Diagram: Mobile Laptop and Home Machine -> Dialup / Cable Modem or DSL -> Internet -> VPN Connection -> Remote Access Server -> Internal Network]
Internet and PC Usage Policy

 “I didn't know I couldn't sell stuff on eBay 4 hours a day ...”

 Put it in writing, keep it current, make it
 part of your HR process.
Microsoft Best Practice Tools
 Microsoft Baseline Security Analyzer
 Exchange Best Practice Analyzer
 SQL Best Practice Analyzer

 Validates that your installation and
 configuration are done to best practice
 guidelines
Microsoft Security Assessment Tool


 Free tool to drive security awareness
 around people, process and technology

 Download from:
     www.securityguidance.com
A Layered Approach to Compliance
  Engages the entire business for success
  Allows for the allocation of controls outside of IT

  Layers:
    Legislation
    Policies
    Procedures
    Physical Controls
    Application Features
    Inherent System Capabilities
A Layered Approach to Security

 Data                                 Access controls, data encryption
 Applications                         Application hardening, antivirus
 Desktop and Servers                  OS hardening, patch management, authentication
 Internal Network                     Firewalls, VPN quarantine
 Perimeter                            Network segments, isolation
 Physical Security                    Guards, locks, tracking devices
 Policies, Procedures, & Awareness    Documented process and user education!
Discovery Session Offer
1-2 day offer from Office Systems Team
Makes use of scorecards and collaboration

  Show you how you can use tools to better
  communicate/collaborate/share
  Show accountability to stakeholders

            andy@legendcorp.com
Summary
 Leverage investments already made with
 Microsoft Technology

 Make use of scorecards and monitoring
 systems to ensure things really are FINE