Part 5 - Policy Enforcement

Video Activity

This lesson discusses policy enforcement, which is integral in preserving a company's mission and keeping information safe. In order to work, policies must be easily accessible to all and management must also comply. Without management support, a policy will not work.

7 hours 56 minutes

Video Transcription
So moving on to policy enforcement,
you want to ensure that senior management advocates and enforces compliance with all organizational policies.
Policies that do not have management buy-in will fail and will not be enforced equally. So we've all been in these organizations where someone provides a lot of lip service that this policy is important; however, when it comes to them actually abiding by that policy, it doesn't occur.
So the bottom line is that management must comply
with the policies. If they don't, and someone sees them not doing so, then no one in the organization will.
The bottom line is: ensure management briefs all employees on policies and procedures. Employees, contractors and trusted business partners should sign acceptable use policies upon their hiring, once every year thereafter, and whenever a significant change occurs. So again, this is just providing that foundation
for firing someone, or for going back
and taking legal action against them, and it also establishes the policies, so you do have some type of indicator to look for.
Moving on: ensure that management makes policies for all departments within your organization easily accessible to all employees. Posting policies on your organization's internal website facilitates widespread dissemination of documents and ensures that everyone has the latest copy.
I would actually, in conjunction with that, make them sign that they have read them.
That way again, when it comes time for termination proceedings or it comes time for legal action, they have a signed document that says that they have read those policies.
Policy enforcement continued: ensure that management makes annual refresher training for all employees mandatory.
So again, this is just providing additional reinforcement of those policies. And again, having someone sign
that they have taken this training.
Next is ensuring that management enforces policies consistently to prevent the appearance of favoritism or injustice. So again, that goes back to
equal enforcement of policies and adherence to the policies by everyone.
So if someone gets the impression that the policies only apply to certain people, the policy again will not be
So where does reporting come in? This is kind of where we get into identifying some of those indicators. Oftentimes it may not be IT staff who find these indicators; it may be the employees
or their co-workers that help identify some of these indicators. So the first part of this is to develop and implement an enterprise-wide training program
that discusses various topics related to insider threat.
So just like what we did today, I've given you information on some of the indicators of what insider threat might look like.
And then next, you would want to train all employees and contractors in security awareness, including insider threat, before giving them access to any computer system.
Make sure to include training for employees who may not need to access computer systems daily, such as janitorial and maintenance staff.
Those users may require a special training program that covers security scenarios they may encounter,
such as social engineering and sensitive documents left out in the open. So going back to the old military guidance that every soldier is a sensor: essentially every person is responsible for being a lookout
and a security element within the organization.
So you want to have this training conducted consistently.
But keep in mind the training doesn't have to be classroom format; it could be posters, newsletters, alerts, brown bag lunches, something that continually flashes across the monitors in your work environment.
Anything of that sort to help reinforce those policies.
And then lastly, you want to establish an anonymous, confidential mechanism for reporting security incidents. And ideally, what you want to do is encourage people to report things even if they seem like nonsense. That way
you get the information, because oftentimes one of these cases may not be nonsense, and you don't want to discourage people from reporting. But you also want it to be confidential, to protect the person who has come forward to volunteer that information. If you cannot protect that source of information, they will
no longer provide you what you're looking for. The next topic is going to be hiring practices, and we kind of touched on this earlier. So you want to ensure that potential employees have undergone a thorough background investigation, which at a minimum should include a formal background and credit check.
So whatever standard you decide to follow, a basic criminal background check is in order.
You want to ensure employees report suspicious behavior to appropriate personnel for further investigation,
and you want to investigate and document all issues of suspicious or disruptive behavior
from your employees.
Next, you want to enforce policies and procedures consistently for all employees, so, kind of, you know, rehashing the same idea.
And then consider offering an employee assistance program. These programs can help employees deal with many personal issues in confidentiality. So if someone may be having a life crisis, getting them help
could help prevent them from going down that road and becoming that insider threat.
Next, you want to remove any negative influences within your organization. So you want to enhance monitoring of employees with an impending or ongoing personal issue, in accordance with organizational policy and laws. So for those individuals who you know have had habitual problems and could
start to turn out to be that insider threat, additional monitoring of their activities
would be warranted.
And you want to enable additional auditing and monitoring controls outlined in your organization's policies and procedures,
and regularly review audit logs to detect activities outside of the employee's normal scope of work.
And then you want to limit access to these log files to individuals that have a need to know.
And then, lastly, all levels of management must regularly communicate organizational changes to all employees. This allows for a more transparent organization, and employees can better plan for their future. So that last one is going to help prevent that negative influence from starting. A lot of the time an organization may surprise employees
with these drastic changes, and that causes that negative influence in their life, which may start them down the road to being that insider threat.
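The transcript's advice to review audit logs for activity outside an employee's normal scope of work, to step up monitoring of specific employees per policy, and to keep log files on a need-to-know basis can be turned into a small review routine. The following is an added example, not code from the course or from any product: the role scopes, the watchlist, the log line format, the business-hours window and the log lines themselves are all constructed for illustration.

```python
"""Review constructed audit log lines for activity outside an employee's normal
scope of work, and surface every event for users under enhanced monitoring."""
import os
import re
import stat
from datetime import datetime

# Normal scope of work per role: which systems the role is expected to touch (constructed).
ROLE_SCOPE = {
    "finance": {"erp", "payroll"},
    "helpdesk": {"ticketing", "ad-admin"},
    "janitorial": set(),  # no expected system access at all
}
EMPLOYEE_ROLE = {"alice": "finance", "bob": "helpdesk", "carol": "janitorial"}

# Employees under enhanced monitoring per organizational policy (constructed):
# every one of their events is put in front of a reviewer.
WATCHLIST = {"bob"}

BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local; constructed policy value
BULK_BYTES = 1_000_000         # constructed threshold for a "bulk transfer"

# Constructed log format:
#   <ISO timestamp> user=<name> system=<name> action=<verb> [bytes=<n>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) system=(?P<system>\S+) "
    r"action=(?P<action>\S+)(?: bytes=(?P<bytes>\d+))?$"
)

# Constructed sample log; the last line is deliberately malformed.
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=alice system=erp action=read
2024-03-04T09:40:33 user=alice system=source-repo action=clone bytes=734003200
2024-03-04T10:05:10 user=bob system=ticketing action=update
2024-03-04T23:58:47 user=bob system=payroll action=export bytes=5120000
2024-03-04T11:17:22 user=carol system=hr-share action=read
2024-03-04T11:20:00 user=dave system=erp action=read
this line is not in the expected format
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None so the caller can count it."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["bytes"] = int(ev["bytes"]) if ev["bytes"] else 0
    return ev


def review(log_text):
    """Return (findings, unparsed_count); each finding is (user, system, reason)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # malformed lines are counted, never silently dropped
            continue
        user, system = ev["user"], ev["system"]
        role = EMPLOYEE_ROLE.get(user)
        if role is None:
            findings.append((user, system, "unknown account, not in employee list"))
            continue
        if system not in ROLE_SCOPE[role]:
            findings.append((user, system, f"outside normal scope of role '{role}'"))
        if user in WATCHLIST:
            reasons = []
            if ev["ts"].hour not in BUSINESS_HOURS:
                reasons.append("after hours")
            if ev["bytes"] >= BULK_BYTES:
                reasons.append("bulk transfer")
            findings.append((user, system, "enhanced monitoring: " + (", ".join(reasons) or "routine")))
    return findings, unparsed


def log_file_is_need_to_know(path):
    """True if the log file carries no group/other permission bits (POSIX only)."""
    mode = os.stat(path).st_mode
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


if __name__ == "__main__":
    found, bad = review(SAMPLE_LOG)
    for f in found:
        print(f)
    print(f"{bad} line(s) could not be parsed")
```

Run as a script it lists six findings: one clone of a source repository by a finance user, two accesses with no role scope at all, an unknown account, and both events of the watchlisted user, the after-hours payroll export carrying two extra reasons. The scope table is the thing that makes this work; it has to come from the asset inventory and the data owners, which the transcript returns to under "Know yourself".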
Know yourself. So if you don't know what wrong looks like, or you don't know what right looks like, it's hard to separate one from the other.
So the first step in that process is to conduct a physical asset inventory. You want to identify asset owners and the assets' functions, and you also want to identify the type of data on that system. That way you know exactly what you have.
If you don't know what you have, it's hard to know if it's missing.
Understand what data your organization processes by speaking with the data owners and users from across your organization. Especially in a big organization, it's hard to know exactly what goes on all the time, but if a disaster does happen, you need to know how to
triage your systems.
Then you want to identify and document software configurations of all assets. It's hard to know if something changed if you don't know where it started.
And then, lastly, prioritize assets and data to determine the high-value targets. So obviously you would want to secure those targets first, and also start your investigation on those targets should an incident occur.
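The four steps just described (inventory with owners, functions and data types; documented software configurations so that change is detectable; prioritization of high-value targets) fit in one small data model. This is an added example, not a tool from the course: the assets, owners, data classes, configuration keys and the scoring weights are constructed, and the SHA-256 fingerprint over a canonical JSON form is one simple way to notice that a configuration no longer matches its baseline.

```python
"""Asset inventory with owners, functions and data types; a configuration baseline
that detects drift; and a ranking of high-value targets."""
import hashlib
import json
from dataclasses import dataclass, field

# Constructed weights: how much each data type raises an asset's value as a target.
DATA_WEIGHT = {"pii": 3, "financial": 3, "source-code": 2, "internal": 1, "public": 0}


@dataclass
class Asset:
    name: str
    owner: str
    function: str
    data_types: set
    config: dict = field(default_factory=dict)  # documented software configuration

    def priority_score(self):
        # Unknown data types still count for something so nothing ranks as worthless.
        return sum(DATA_WEIGHT.get(d, 1) for d in self.data_types)


def config_fingerprint(config):
    """Stable hash of a configuration; sorted keys so ordering never looks like drift."""
    canonical = json.dumps(config, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def baseline(inventory):
    """Record the known-good fingerprint of every asset's configuration."""
    return {a.name: config_fingerprint(a.config) for a in inventory}


def drifted(inventory, baseline_fps):
    """Assets whose configuration no longer matches the baseline, plus assets
    that are present now but were never baselined (shadow systems)."""
    out = {}
    for a in inventory:
        known = baseline_fps.get(a.name)
        if known is None:
            out[a.name] = "not in baseline"
        elif config_fingerprint(a.config) != known:
            out[a.name] = "configuration changed"
    return out


def config_diff(old, new):
    """Which keys changed between two configuration dicts: key -> (old, new)."""
    return {k: (old.get(k), new.get(k)) for k in set(old) | set(new) if old.get(k) != new.get(k)}


def high_value_targets(inventory, top=3):
    """Names of the highest-scoring assets; ties broken by name for a stable order."""
    ranked = sorted(inventory, key=lambda a: (-a.priority_score(), a.name))
    return [a.name for a in ranked[:top]]


# Constructed inventory.
INVENTORY = [
    Asset("hr-db", "hr-director", "HR records", {"pii", "internal"}, {"ssh": "key-only", "tls": "1.2"}),
    Asset("erp", "cfo", "finance system", {"financial", "pii"}, {"ssh": "key-only", "mfa": True}),
    Asset("wiki", "it-ops", "internal docs", {"internal"}, {"auth": "sso"}),
    Asset("www", "marketing", "public site", {"public"}, {"tls": "1.3"}),
    Asset("build", "eng-lead", "CI server", {"source-code"}, {"runner": "ephemeral"}),
]


def demo():
    """Baseline the inventory, then simulate a later snapshot in which the HR
    database has had password SSH logins turned on and an unknown NAS appeared."""
    fps = baseline(INVENTORY)
    later = [Asset(a.name, a.owner, a.function, set(a.data_types), dict(a.config)) for a in INVENTORY]
    later[0].config["ssh"] = "password"
    later.append(Asset("shadow-nas", "unknown", "?", {"internal"}, {}))
    return drifted(later, fps), high_value_targets(INVENTORY)


if __name__ == "__main__":
    changes, targets = demo()
    print("drift:", changes)
    print("secure and investigate first:", targets)
```

The ranking puts the ERP and HR systems ahead of the public web site because of the data they hold, which is the "prioritize assets and data" step; the drift report is what "it's hard to know if something changed if you don't know where it started" looks like in practice, and `config_diff` tells the reviewer which key moved.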