Category: Uncategorized

According to a new study by security vendor McAfee of 1,000 IT decision makers, 41 percent said employee layoffs resulting from the recession represent the greatest threat to their computer security.

Organizations often over-extend their zones of trust to employees since they have a natural inclination to entrust them with privileges until their services are no longer needed or they do something to violate that trust.

For large companies executing mass layoffs—such as the 21,000-plus companies last year did—identity management is a major issue, says Brian Wolfe, co-founder and partner at Laurus Technologies, a solution provider in Itasca, Ill., that—among other things—specializes in security and identity management implementations.

“If you have large layoffs and you don’t have a provisioning system, and you’re going to revoke accounts manually, mistakes will be made,” Wolfe said.

Good identity management platforms—such as those offered by RSA Security, IBM, Courion and BMC Software—are more than just access control and single sign-on (SSO) applications. They create and provision accounts across networks and a broad array of applications based on employees’ specific job functions (role-based) or through group policies, manage accounts through the lifecycle of an account holder’s employment and, when necessary, ensure access rights are properly and thoroughly revoked when the person leaves—voluntary or involuntary—the organization.

Laurus Technologies service a number of enterprise’s identity management needs, and Wolfe says most are reaping the benefits of their investments now that they have to cut their labor forces. “For companies we’ve done implementations for, they’re able to bulk operations; they have a pretty easy time of disposing of a large number of accounts,” Wolfe says.

The situation is critical during a layoff or reduction in force, since an organization needs immediate revocation of network and application privileges to prevent pilfering of data and sabotage of systems.

http://www.channelinsider.com/c/a/Security/During-Layoffs-Superior-ID-Management-is-an-Imperative/

With the world economy in a state of turmoil, markets correcting themselves and employers reducing staff, the pull of illicit insider activity is stronger than ever. It may begin with the “dead wood,” but inevitably some companies are going to have to lay off talented IT and information security professionals. Illegal activities that once seemed unpalatable to out-of-work technologists may seem better than starving: Just as liquor store break-ins and gas n’ go crimes will increase, so will more sophisticated crimes, such as data theft and social engineering. While it may seem hard to imagine, criminal actions are often committed by former employees who rationalize the activity because they’re upset about losing their jobs.

The challenge for identity and access management professionals will be securing data from former employees who know the system from the inside out.

Defense strategies: Proactive IAM processes Locks keep honest people honest, or, in the case of identity and access management, account terminations keep honest people honest. Identity management and information security professionals will need to scrutinize their account-termination processes like never before, because leaving an unauthorized or former employee’s account active and enabling access to sensitive or valuable data could be catastrophic.

IAM and budget cuts: Using frameworks and documentation Another challenge in 2009 will be funding. Budget promises made in 2008 are sure to be forgotten as many companies adjust to the new economic reality. This will initiate an ongoing process that can be refined in the future, perhaps with more sophisticated technology, when finances are better. Personnel reductions may still be mandated, but data can help you make those hard decisions in an unbiased way and set management expectations from the start about the consequences of staff reduction.

Important statistics to keep may include how many accounts are under management, turnaround time for account creation and removal, reporting demands from various departments, and objects under management such as mainframe profiles and Active Directory groups.

Conclusion: In such a troubled economy, external threats will increase as well. It’s still essential to be on guard by making sure the controls for external risk mitigation are assessed as well. It’s clear that 2009 will be drastically different from 2008.

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1344839_mem1,00.html?mo=1&Offer=SEsswn09IAM119

Following the survey, Clavister has called into question current IT security products and policies and asks what companies can do to address flaws that are integral to us all as human beings.

“The purpose of a security policy is rather simple – to keep malicious users out of a network while monitoring potential risky users within an organization.” Rather than write this off as an issue too broad to address, Clavister has developed a set of six recommendations for companies to consider.

1. Design the policy so that it’s easy to read and understand
2. Educate the users about the policy
3. Enforce consequences
4. Make it easy to do the right thing
5. Dictate a hierarchy of access permissions
6. Monitor & improve

http://www.continuitycentral.com/news04297.html

Speed is vital, so the time may be right to assemble a forensic SWAT team trained to locate high-risk threats, armed with the latest investigative software, and empowered to work directly with legal counsel to report breaches in accordance with policy.

Acquiring evidence in a forensically sound manner isn’t difficult with the proper tools and training, but policies and procedures must be put in place that ensure the repeatability, accuracy, completeness, and verifiability of evidence as proscribed by the Federal Rules of Evidence. In addition to clearly written policies, there must be a forensic methodology that’s followed for acquiring, handling, and analyzing evidence.

AccessData, Guidance Software, and Mandiant are at the forefront of producing enterprise versions of robust, collaborative incident-response and forensic tools. Both AccessData’s and Guidance Software’s suites allow for remote access to computers so investigators can retrieve details from running systems. Mandiant’s Intelligent Response has comparable capabilities but is more focused on incident response. Agile’s F-Response product allows investigators to mount Windows hard drives and physical memory remotely and in a read-only manner so they can perform forensically sound “live” analysis of running Windows systems. The remote systems’ hard drives and physical memory appear as normal attached drives to the investigator’s system, allowing IT to use any forensic product for analysis.

Every enterprise forensic tool has added memory imaging capabilities in the past 12 to 18 months, with varying capabilities for in-depth analysis of acquired images.

The Volatility Framework is an open source tool leading the way with its ability to list running processes, open network ports, and files opened and DLLs loaded by each process; it can also extract executables from memory for further analysis.

http://www.informationweek.com/news/security/management/showArticle.jhtml;jsessionid=BRQVSY1YF4EB4QSNDLPCKH0CJUNN2JVN?articleID=211600249

The Verizon report is a collective analysis of some 530 forensic investigations of data breaches that the company has done in large enterprises. It breaks down the causes of the breaches by industry and draws conclusions about the most common types of attacks committed in each.

In financial services, for example, Verizon investigated many sophisticated attacks involving cooperation of insiders and organized outsiders, as well as social engineering. In the food and beverage industry, on the other hand, the attacks were much less sophisticated, and the likelihood of internal attacks was only about 4 percent, while the likelihood of external and partner attacks was 70 percent to 80 percent. “In food and beverage, though, we saw a lot more repeatable, data-compromise-in-a-box sort of attacks — sort of the way…” Verizon found similar differences in the sophistication and approaches used to attack data in other industries, including retail and high technology.

Retail, for example, reported the highest number of breach incidents, but a relatively low level of attack sophistication.

What these results might mean, Sartin says, is that employing a generic risk calculation, such as the likelihood of insider threats, may be a mistake unless industry-specific factors are accounted for.

http://www.darkreading.com/document.asp?doc_id=165107&WT.svl=news2_3

With the Computer Security Institute reporting that 46 percent of computer security professionals have had security incidents in the past year, 26 percent of which have had more than 10, you begin to see the magnitude of the problem.

Sixty-five percent of this cost is the direct result of lost business, including customer termination—a rate that is increasing by 30 percent a year.

All this amounts to an unpleasant picture, one where current practices in breach response are falling short in keeping your customers, and therefore revenue, within your company.

Legal obligation vs. Customer satisfaction Recent research by the Ponemon Institute, the Consumers’ Report Card on Data Breach Notification, has provided some of the most useful information to date to help organizations determine the most effective techniques to minimize the impact of a breach and to retain customers. Large delays in notification signal to your customers that you are hiding something and/or they are not important to you, despite some realities that it takes time to assess the impact of a breach. Although it may not be possible to notify customers within a week, or even several weeks following a breach, your goal should be to notify them as soon as possible, with what reasonable information you can divulge at that time.

Do they have to close their credit card accounts? Many respondents in the Ponemon study found communications to be unbelievable or misleading, failing to reduce their fears about potential harms they faced because of a breach. Although you are the barer of bad news, you also have the opportunity to be the barer of solutions. Lay out for your customers the “next steps” they can or need to take after they are notified. Include information, phone numbers and Web sites on freezing credit files, getting free credit reports and other tips customers might want to know and follow.

At little or no cost to your organization, acting as an educator will not only help your customers recover from the incident, but maintain your organization as a trusted source.

Offering identity protection services has proven to have a positive effect on customer retention, and in many cases, offering such services is more affordable than new customer acquisition strategies. Individuals who receive free or subsidized services, such as credit monitoring, identity theft insurance or identity recovery services, feel less concerned and worried about the breach after it happens.

http://www.csoonline.com/article/451785/How_to_Minimize_the_Impact_of_a_Data_Breach?source=nlt_csoupdate