Survey - Add IAM to Improve Security
-
Upload
mcollins -
Category
Data & Analytics
-
view
71 -
download
0
description
Transcript of Survey - Add IAM to Improve Security
![Page 1: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/1.jpg)
Survey Results: IT Security Executives
Survey conducted in March 2014 by CourionAt companies of 500+ employees, all geographiesPolled over 4,000 IT security executivesResponse rate of 3 percent
![Page 2: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/2.jpg)
IT Security Executives are Not Getting Much Sleep Lately . . .
![Page 3: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/3.jpg)
78% are Anxious About a Possible Breach . . .
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
![Page 4: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/4.jpg)
With Good Reason: Breaches are on the Rise
Source: Risk Based Security, Open Security Foundation, February 2013
![Page 5: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/5.jpg)
Source: PWC Global State of Information Security Survey, 2014
In Case You Need More Convincing . . .
![Page 6: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/6.jpg)
IT Security Executive Becomes Brand Champion
![Page 7: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/7.jpg)
IT Security Executive: the New Front Line for the Brand
If a breach occurred to your organization, what do you fear most?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
![Page 8: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/8.jpg)
Aware of Possible Negative Media Fallout from a Breach
![Page 9: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/9.jpg)
They Understand a Breach Could Damage Reputation
![Page 10: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/10.jpg)
And Have a Material Effect on Stock Price
![Page 11: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/11.jpg)
IT Security Executive as Key to Customer Privacy
![Page 12: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/12.jpg)
They Know Job #1 is Protection of Customer Data
What is your #1 goal in addressing a significant security breach?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
![Page 13: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/13.jpg)
2014 IT Security Priorities:Employee Education + Better Access Management
What do you feel should be the top security priority within your organization in 2014?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
![Page 14: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/14.jpg)
Research Agrees on Need to Focus on Inside Threat:
Privilege Abuse Cited in 88% of Insider Misuse Cases
Source: Verizon Data Breach Investigatios Report 2014
Top 10 Threat Action Varieties Within Insider Misuse
![Page 15: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/15.jpg)
So While Identity Management is Top of Mind for IT Security
Source: 451 Group
![Page 16: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/16.jpg)
Employee Indifference May be a Challenge
![Page 17: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/17.jpg)
Perhaps Not All Stakeholders Take Security SeriouslyDo you feel each of these stakeholders takes preventing security breaches seriously:
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
![Page 18: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/18.jpg)
Access Privileges Must Be Proactively Controlled,Abandoned Accounts Eliminated
Recommended Controls for Insider & Privilege Misuse - Verizon DBIR 2014
• Know your data and who has access to it• Review user accounts• Watch for data exfiltration• Publish audit results
Source: Verizon Data Breach Investigations Report 2014
![Page 19: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/19.jpg)
So What Can You Do?Make
Identity & Access Managementpart of
Your Security Strategy
![Page 20: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/20.jpg)
Improve Security with Identity & Access Management
Source: SANS.org
![Page 21: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/21.jpg)
Recommendations for Access Control:
Visa Data Security Alert, August 2013
• Create segregation of duties (SoD) policies betweenpayment and non-payment application access
• Apply access controls lists segmenting public facing andbackend database systems
• Assign strong passwords to prevent application modification
• Implement least privileges and access control listson users and applications
• Limit administrative privileges on users and applications
• Use intelligence to analyze and uncover malicious behavior
Source: VISA Data Security Alert August 2013 http://usa.visa.com/download/merchants/Bulletin__Memory_Parser_Update_082013.pdf
![Page 22: Survey - Add IAM to Improve Security](https://reader036.fdocuments.in/reader036/viewer/2022062405/555ed232d8b42af67f8b5955/html5/thumbnails/22.jpg)
Thank You.
To Learn More:866.Courion
Improve Security with Identity & Access Management