Part 8 - Policies and procedures (continued)

Video Activity

This lesson continues the discussion of policies and procedures that can be used to safeguard a company's sensitive information and reduce the chances of an incident. These include:

· Social media policy
· Close the doors to data exfiltration


Time: 7 hours 56 minutes
Difficulty: Advanced
CEU/CPE: 7

Video Transcription
00:03
>> Social media policy, you want to establish
00:03
a social media policy that defines
00:03
acceptable uses of social media,
00:03
and information that should not be discussed online.
00:03
One of the activities
00:03
or methods that the government was able to start
00:03
looking for individuals is
00:03
that people post a lot
00:03
of data that they shouldn't online.
00:03
I think there was a case where Vice News did
00:03
a study of some of
00:03
the Russian soldiers who were in Crimea.
00:03
Then based on this person's post,
00:03
they were able to determine that this soldier,
00:03
who was a Russian was in Crimea and Vice News
00:03
tracked this guy back to his home in Siberia.
00:03
This all the time was during which Russia
00:03
was saying that they were not in Crimea at all.
00:03
Knowing how to use social media,
00:03
could be very important to your organization.
00:03
Hopefully you're not invading Crimea.
00:03
But again, that's just a very extreme example.
00:03
Improved social media awareness training is part of
00:03
the organization's security awareness training program.
00:03
You want to encourage users to report
00:03
suspicious emails or phone calls
00:03
to the information security team,
00:03
who can track those emails to identify
00:03
any patterns and issue alerts to users.
00:03
Then lastly, consider monitoring the use
00:03
of social media across the organization,
00:03
limited to looking in a manner approved by
00:03
legal counsel for postings by employees,
00:03
contractors, and business partners.
00:03
Closing the door to data exfiltration.
00:03
You want to establish a Cloud computing policy.
00:03
You should be aware of what Cloud services are
00:03
operating and how employees can
00:03
use them to exfiltrate data,
00:03
and you want to restrict or monitor
00:03
what employees put into the Cloud.
00:03
Establishing some type of Cloud
00:03
access security broker policy
00:03
to do that is going to be in your benefit.
00:03
You want to monitor the use
00:03
of printers, copiers, scanners,
00:03
fax machines because those are places where
00:03
individuals could abscond with data.
00:03
You want to create a data transfer policy
00:03
and procedure to allow sensitive
00:03
company information to be
00:03
removed from the system only in a controlled way.
00:03
When it's removed, you want to know it's removed.
00:03
You want to establish
00:03
a removable media policy and
00:03
implement technologies to enforce it.
00:03
Some type of DLP technology on your laptops to
00:03
prevent devices from being plugged in.
00:03
Restrict data transfer protocols such as FTP, SFTP,
00:03
or SCP to employees with
00:03
justifiable business need and you want to
00:03
monitor that use so you
00:03
know what's going over the FTP servers.
00:03
Lastly, inventory all connections
00:03
to the organization's enclave.
00:03
Ensure that SLAs and your MOAs are in place.
00:03
You want to verify the connections are
00:03
still in use and have a justified business need.
00:03
Obviously, you want to know what's
00:03
connected to your network, why it's connected.
00:03
If it's something that you don't need,
00:03
I would highly recommend disconnecting.
00:03
Lastly, we will talk about
00:03
the case study of Robert Hanssen.
00:03
He was an insider that was in the FBI.
00:03
He was very trusted.
00:03
Essentially, the FBI hired
00:03
Robert Hanssen in charge of trying to find himself.
00:03
He wasted a lot of time of the FBI trying to do so.
00:03
During the time of his alleged illegal activities,
00:03
Hanssen was assigned to New York and Washington
00:03
DC where he held key counterintelligence positions.
00:03
Those were the individuals who essentially
00:03
looked for spies. But he was one.
00:03
As a result of his assignments,
00:03
Hanssen had direct and legitimate access to
00:03
voluminous information about
00:03
sensitive programs and operations.
00:03
Because he had access to all of that information,
00:03
he was trusted and
00:03
he should not have been trusted and he had
00:03
numerous indicators about him
00:03
that people should have paid attention to.
00:03
He did have massive amounts of
00:03
money in his home
00:03
when it was searched and he was arrested.
00:03
He had numerous security violations.
00:03
He had actually filled up garbage bags,
00:03
full of classified information,
00:03
and walked out of the FBI building with that.
00:03
As part of that information,
00:03
he gave up at least 10 FBI, CIA double agents.
00:03
Possibly he gave up General Polyakov a call,
00:03
and at least three of the individuals
00:03
he gave up were executed.
00:03
The General Polyakov source,
00:03
he was a pretty valued source
00:03
for our government intelligence element.
00:03
He provided many documents such
00:03
as the Continuity of Government planning,
00:03
the National HUMINT Collection Plans,
00:03
over 6,000 pages of documents,
00:03
and the details that the FBI had
00:03
tunneled underneath of the Soviet Embassy.
00:03
He spied for more than eight years and
00:03
the extent of damage that he caused may never be known.
00:03
Currently, he is serving a life in
00:03
prison in a supermax prison in Colorado.
00:03
He will not be executed
00:03
because individuals still have to go and
00:03
interview him and talk to him about
00:03
the extent of the damage that he
00:03
caused the United States government.
00:03
This is again, a very extreme example
00:03
of an insider threat,
00:03
but serves as what can happen
00:03
when these individuals
00:03
and these indicators go unchecked.
00:03
>> I know that was a lot of information.
00:03
But again, this is a very important topic and something
00:03
that a lot of organizations may
00:03
not have been focusing on.
00:03
If you're going to do anything in your organization,
00:03
it's very important to understand one,
00:03
what data you have and what makes
00:03
your organization special and then how to protect them.
00:03
Not just protect it from people on the outside,
00:03
but protect it from people on the inside as
00:03
well because oftentimes those are
00:03
going to be more dangerous attacks
00:03
than any external entity can be
00:03
because these individuals that are around
00:03
you have gone through some type of vetting process.
00:03
When someone starts to go off the rails or
00:03
starts to become that insider threat,
00:03
there are different types
00:03
of indicators that we talked about,
00:03
sensors that you can look for and through
00:03
to try and help whittle
00:03
down who might be an insider threat.
00:03
Now again, not everyone who exhibits some of
00:03
those indicators is going to be an insider threat.
00:03
But when you start seeing multiple indicators,
00:03
that would essentially be someone
00:03
who would warrant further suspicion.
00:03
Again, we talked about
00:03
the automated process of
00:03
working through those and how some of
00:03
these technologies can establish
00:03
a rank order of who might
00:03
be an insider threat based on
00:03
all of the data elements that it's going to pull from.
00:03
Then lastly, we talked in-depth on
00:03
creating the policies of how to
00:03
enforce insider threat policies and what to look for,
00:03
how to train your employees,
00:03
and then how to help secure
00:03
your organization and make it more resilient,
00:03
or resistant to those insider threats.
00:03
This will conclude our talk
00:03
today about insider threats.
00:03
>> I hope you've enjoyed this.
00:03
If you have any questions,
00:03
please feel free to email
00:03
in any questions that you might have.
00:03
I know this was a long in-depth talk,
00:03
but if there's something that I didn't cover,
00:03
or there's something that you
00:03
want more information about,
00:03
please feel free to let us know.
00:03
Again, I hope you enjoyed the video.
00:03
Thanks for watching and again,
00:03
come back to Cybrary for more exciting classes.