Video Description

This lesson continues the discussion of policies and procedures that can be used to safeguard a company's sensitive information and reduce the chances of an incident. These include:

· Social media policy
· Close the doors to data exfiltration

Video Transcription

Social media policy. You want to establish a social media policy that defines acceptable uses of social media and information that should not be discussed online.

One of the activities or methods by which the government was able to start looking for individuals is that people post a lot of data that they shouldn't online. I think there was a case where Vice News did a study of some of the Russian soldiers who were in Crimea. Based on this person's posts, they were able to determine that this soldier, uh, who was a Russian, was in Crimea, and Vice News tracked this guy back to his home in Siberia. And this was all during the time in which Russia was saying that they were not in Crimea at all. So knowing how to use social media could be very important to your organization. Hopefully, you're not invading Crimea, but again, that's just a very extreme example.

So include social media awareness training as part of the organization's security awareness training program, and you want to encourage users to report suspicious emails and phone calls to the information security team, who can track those emails to identify any patterns and issue alerts to users. And then lastly, consider monitoring the use of social media across the organization, limited to looking, in a manner approved by legal counsel, for postings by employees, contractors and business partners.
Closing the doors to data exfiltration. You want to establish a cloud computing policy. You should be aware of what cloud services are operating and how employees can use them to export trade data. And you want to restrict or monitor what employees put into the cloud. So establishing some type of cloud access security broker to do that is going to be to your benefit.

You want to monitor the use of printers, copiers, scanners and fax machines, because those are places where individuals could abscond with data.

You want to create a data transfer policy and procedure to allow sensitive company information to be removed from the system only in a controlled way, but when it's removed, you want to know it.

You want to establish a removable media policy and implement technologies to enforce it. So some type of guilty technology on your laptops to prevent, um, devices from being plugged in.

Restrict data transfer protocols such as FTP, SFTP or SCP to employees with a justifiable business need, and monitor that use, so you know what's going over those FTP servers.

Lastly, inventory all connections to the organization and ensure that SLAs and R. M L. A's are in place. You want to verify the connections are still in use and have a justified business need. So obviously you want to know what's connected to your network and why it's connected. If it's something that you don't need, I would highly recommend disconnecting.
So lastly, we'll talk about the case study of Robert Hanssen. He was an insider that was in the FBI. He was very trusted. Essentially, the FBI had Robert Hanssen in charge of trying to find himself, and, uh, he wasted a lot of the FBI's time trying to do so. So during the time of his alleged illegal activities, Hanssen was assigned to New York and Washington, D.C., where he held key counterintelligence positions, so those were the individuals who essentially look for spies. But he was, as a result of his assignments, Hanssen had direct and legitimate access to voluminous information about sensitive programs and operations.

So because he had access to all of that information, he was trusted and, uh, he should not have been trusted. And he had numerous indicators about him that people should have paid attention to. He did have massive amounts of money in his home when it was searched and he was arrested. He had numerous security violations. He had actually filled garbage bags with classified information and walked out of the FBI building with that.

And as part of the information, he gave up at least 10 FBI and CIA double agents. Possibly he gave up General Polyakov. At least three of the individuals he gave up were executed. And General Polyakov, of course, he was a pretty valued source for our government intelligence.

He provided many documents, such as the continuity of government planning, the national human collection plans and over 6000 pages of documents on the details that the FBI had tunneled underneath the Soviet Embassy.

He spied for more than eight years, and the extent of damage that he caused may never be known.

Currently he is serving life in prison at a Supermax prison in Colorado. He will not be executed because individuals still have to go and interview him and talk to him about the extent of the damage that he caused to the United States government.

So this is, again, a very extreme example of an insider threat. But, uh, it serves as kind of what can happen when these individuals and these indicators go unchecked.
So I know that was a lot of information. But again, this is a very important topic and something that a lot of organizations may not have been focusing on.

And if you're going to do anything in your organization, it's very important to kind of understand, one, what data you have, what makes your organization special, and then how to protect them, and not just protect it from people on the outside but to protect it from people on the inside as well. Because oftentimes those are going to be more dangerous attacks than any external entity can be, because these individuals that are around you, uh, have gone through some type of vetting process.

So when someone starts to go off the rails or starts to become that insider threat, there are different types of indicators that we talked about, sensors that you could look for and through to try and help whittle down who might be an insider threat.

Now again, not everyone who exhibits some of those indicators is going to be an insider threat. But when you start seeing multiple indicators, that would essentially be someone who would warrant further suspicion.

And again, we talked about the automated process of looking through those, how some of these technologies can establish a rank order of, uh, who might be an insider threat based on all of the data elements that it's gonna pull from.

And then, lastly, we talked in depth on creating the policies of how to enforce insider threat policies and what to look for, how to train your employees on how to help secure your organization and make it more resilient or resistant to those insider threats.

So this will conclude our talk today about insider threats. I hope you've enjoyed this.

If you have any questions, please feel free to email in any questions that you might have. I know this was kind of a, ah, long, in-depth talk. But if there's something that I didn't cover, or there's something that you want more information about, please feel free to let us know.

So again, I hope you enjoyed the video. Thanks for watching, and again, come back to Cybrary for more exciting classes.

Instructed By

Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan