Add to collection(s) Add to saved
  1. Business
  2. Finance

Network Security Breach From the Internal staff Members Abstract

advertisement 
School of Information Systems, Curtin University of Technology, Western Australia
Network Security Breach
From the Internal staff Members
Prepared by: Sanyoto Gondodiyoto1
Abstract
Enterprises spend millions to protect themselves from the threat of computer sabotage/breach.
Internal staff member is one the potential or can be suspected to be part of the breach problem.
Based on the experience (at least by Bank Central Asia, Indonesia), 70 % of network security
breach is because of procedural aspect. 30% of the attacks are partly technical aspects, such as
the information systems infrastructure, security tools. On the other hand, BCA statistic
represents that 62% was internal attacks and 38% was (1996, when BCA used the intranet),
and after using internet 41% to 59% (2000), and 30% to 70% (2001). Auditing, management
controls and awareness are key points as security building blocks.
1. General Overview
Genuity Inc. had conducted survey throughout 1997 and 1998. Genuity Inc.
(http://www.genuity.com, 2002) mailed surveys to several thousand corporate executives
to learn more about their organizations' preparedness with respect to network security.
The purpose was to gain a preliminary understanding of the relative importance of
Internet security, and to determine the degree of readiness to detect and repel any breach
or attempted breach of network security. During the research, recipients were asked to
register their degree of agreement/disagreement with statements on Internet security,
concerning to:
•
The Internet security policy is critical to business success.
•
The company has a well-defined, complete, and documented Internet security
policy that provides appropriate protection against unauthorized access.
•
The Internet security solution is monitored 24 hours a day, seven days a week,
by competent security experts to assure that any hostile activity is detected and
stopped.
Based on survey conducted by Genuity Inc. (http://www.genuity.com, 2002)
among the key findings are an overwhelming 90% of respondents in the survey agreeing
that Internet security is critical to business success. However, despite strong processes
Drs. Sanyoto Gondodiyoto, SE., Mcomm., Mkom., MMSI., Akuntan
in place, gaping holes still exist, only 33% of responding organizations have a
continuous security monitoring and only 29% routinely assess the financial implications
of a security breach. Computer Security Institute (CSI) and the Federal Bureau of
Investigation (FBI) conducted another research. According to the respected CSI and
FBI Computer Crime and Security Survey on 2002, unauthorized access and misuse of
web resources has grown significantly over the past few years.
2. Breach by Internal Staff
Digital Research Inc., an independent market research company based in
Kennebunk, also had conducted research regarding network security breaches.
According to Digital (webmaster@digitalresearch.com, 2002), one in four survey
participants noted that their company’s network has ever had a breach of security.
Respondents representing companies with 50 or more employees were more likely to
report that a network security breach had occurred. Among those who reported a
network security breach was users accessing resources they shouldn’t be entitled to,
accounts left open after employee has left the company.
Types of security breaches (n=122)
Users accessing resources they shouldn’t be entitled to 57%
Accounts left open after employee has left company 43%
Been the victim of information theft from your network 30%
Access to contractors not terminated upon project completion 27%
Attempted or successful break-in by angry employee 21%
3. The Typical Scenario
Based on Digital Research Inc. research, attempted or successful break-in by
angry employee is about 21%. Indeed, breaches by an internal staff member is one of
the most illegal but very difficult to anticipate breaches. The internal staff members are
assuming familiar with the business model and the computer configuration (may be
including the security and protection mechanism). Firewall used only to protect the
network from external attacks. The internal staff member or ex-staff member may attack
the systems because of several reasons, for example the un-happy staff member (or ex-
1
Sanyoto Gondodiyoto (12455702), student of Curtin University of Technology.
staff member), or no compliance operation. On the other hand it is possible that they
break the systems only by accident, or because of incompetence situation.
Another situation concerning the breaches by internal staff members are:
•
The introverted style of Information Technology staff.
•
The frustrated situation in a project activity, or because of an overloaded.
•
Trust too much to information technology staff so that he or she has the
possibility to conduct a breach.
•
No clear security policy in a company or organization.
•
Password or IDs that are not deleted for ex-staff member.
•
The management controls or the internal audit is not effective.
According to Digital (webmaster@digitalresearch.com, 2002), with the Internet
and mobile working playing increasingly important roles in business, connecting to
internal systems is becoming far easier. But that fact rings true for society’s more
malicious elements as well as trustworthy staff members. More than ever, security is
now about keeping information safe while allowing maximum flexibility for employees.
4. Learn from Empiric Internal Breaches
Liestyo (Liestyo, 2002), Head of Consumer Banking Division of the Bank
Central Asia, on a security seminar conducted in Jakarta June 25, 2002, stated:
•
In today’s security systems: the network is open, customer have access to
information for copying, forwarding, traveling to systems (the users are all
the customers).
•
The potential attack, based on BCA experience, are: burglars, braking the
ATM, fooling the ATM, virus/Trojan horse, mirroring eBanking Site,
hacking, employees attacking other sites, and insider attacks.
•
The statistic of the attacks categorized internal and external are 62% to 38%
(1996, when BCA used the intranet), and after using Internet 41% to 59%
(2000), and 30% to 70% (2001).
•
70% of attacks are mostly procedural (security policy & procedures,
information technology policy, un-efficient auditing, low risk management).
30% of the attacks are partly technical aspects, such as the information
systems infrastructure, security tools.
•
Internal staff members (the insider) are one the most potential security
attacks, or at least helping the others to conduct breach.
Internal auditing (quality assurance, surprised audit, audit trails, independent
•
verification) is one the security building blocks for secure e-Commerce
transactions.
Vigilinx Digital Security Solutions Coy. (www.gidancesoftware.com, 2002), the
world leader in providing forensic and enterprise investigation solutions, stated, “Make
sure that you have audit trails in place internally and are able to carry out some form of
internal forensics. Inevitably (even with the best security money can buy) there will the
old breach, but learn from this. Find out what happened, how and why, and move to
ensure that similar breaches do not occur in future. Internal firewall, security gateways
that enforce network traffic policies between different regions of the corporate
network”.
Enterprise response, auditing and discovery solutions provide an integrated
platform to respond to enterprise incidents and threats provide the following benefits:
‰
Accelerate response time to information security breaches.
‰
Empower enterprises to better control corporate assets and infrastructure.
‰
Conduct comprehensive enterprise-wide data investigations and audits.
‰
Reduce the potential liability from misuse of corporate information and assets
‰
Eliminate costly and archaic investigation and auditing procedures
‰
Increase information systems’ reliability and availability by conducting
investigations while systems are online.
It’s no good having a policy or buying security software if it is not [well]
implemented. You need to continuously check that the software you bought is installed
and operating correctly and that the policies you set are being followed. It helps if you
can automate these checks. Computer Associates TM adds that prevention is better than
a cure. Any security strategy must be carried out in layers, with solutions used to
compliment others, e.g. intrusion detection is a good back up for the firewall, in case
anybody is able to breach that level (as inevitably they will if they try hard enough).
Some of the universal dos/don’ts that govern us are:
‰
The road block, or, “do not all eggs in one basket”.
‰
The reactionary, or, shutting the gate once the horse has bolted
‰
The patchwork quilts, or divide and fall. Myth, if you buy the best security
products on the market then you is less likely to suffer a security breach.
‰
The Plate Spinner, or, too much to manage. The key to effective security is vision,
the ability to monitor all areas simultaneously, set up alerts to irregular activity.
‰
The Agoraphobic, or, too paranoid about what’s outside. Fear of external threats is
understandable, but that’s no reason to put all your effort into fending off the wolf
at your door. Most accidents happen in the home; internal users or ex-staff commits
by far the majority of security breaches. A recent Meta report highlighted that, over
the lifecycle of an employee, he or she has 17 user Ids, however, when employees
leave only eleven user Ids are ever deleted.
5. Conclusion
The Internet security policy is critical to business success. However, only 33%
of responding organizations have a continuous security monitoring. Many reasons of
breaches from the insider such as the introverted style of IT staffs, the frustrated
situation in a project activity, overloaded jobs, trust too much to IT staff, no clear
security policy in a company or organization, password or IDs that are not deleted for
ex-staff member, the management controls & awareness or the internal audit is not
effective.
REFERENCES/BIBLIOGRAPHY
Baum M. S, and Ford W. (2001). Secure Electronic Commerce, Second Edition. New
Jersey: Prentice Hall Inc.
Davis G.B. (1993). Management Information Systems: Conceptual Foundations,
Structure and Development, Edisi Bahasa Indonesia. Jakarta: PT. Pustaka
Binaman Pressindo,
Laudon, K., C. and Laudon, J., P. (1995). Management Information Systems
Organization and Technology, 5-Edition. New Jersey: McGraw Hill Inc.
Liestyo S. (2002). Head of Consumer Banking Division, Bank Central Asia, Jakarta.
Information Security in Banking. Jakarta: June, 25, 2002.
Schwalbe, Kathy. (2002). Information Technology Project Management, Second
Edition. Course Technology, Thompson Learning.
http://www.comm.toronto.edu
http://www.wirelessethernet.org
http://alpha.fdu.edu/kanoksri/IEEE80211b.html
http://www.entrepreneur.com
http://www.oleran.com/security.htm
http://www.vigilinx.com
http://www.vigilinx.com
http://www.echelonsystems.com
http://www.digitalresearch.com
http://www.guidancesoftware.com
Reference Material:
1. Mainebiz
August 20, 2001 (Reprinted with permission)
Private Matters
Survey says: When it comes to issues of network privacy and security, small firms just
might have a lot to learn from their bigger cousins.
The following are excerpts from a market research rerport on new work security and privacy, conducted
for Sloane & Co. by Kennebunk-based Digital Research, Inc. The results are based on 548 completed
online surveys among a sampling of eWEEK magazine subscribers.
On policies and procedures:
•
One in two respondents reported that their companies have a formal written policy for maintaining
the privacy of information on their network server.
Do They Have Privacy Policy? (n=548)
Yes, formal written policy 54%
Yes, informal internal policy 26%
No privacy policy 15%
Don’t know/Not sure 4%
•
Respondents representing companies with revenues of $500 million or greater were the most likely to
have a formal written policy (87%).
•
The proportion of companies with formal internal policies for maintaining the privacy of information
stored on their networks increases based on the number of employees.
Frequency of privacy policies by company size
Under 50 employees 33%
50 to 499 employees 49%
500 to 4,999 employees 69%
5,000 or more employees 78%
•
Eight in ten respondents reported that their company has established password policies and
procedures. Companies with 50 or more employees were more likely to have established password
policies and procedures.
Do companies have established password polices and procedures?
Yes, have established password policies and procedures
Total Sample (n=548) 83%
Under 50 Employees (n=171) 73%
50 or more Employees (n=365) 88%
No established password policies and procedures
Total Sample (n=548) 15%
Under 50 Employees (n=171) 25%
50 or more Employees (n=365) 10%
Don’t know/Not sure
Total Sample (n=548) 1%
Under 50 Employees (n=171) 1%
50 or more Employees (n=365) 1%
Regarding network security and privacy issues:
Survey participants were asked to indicate how concerned they were about several issues
involving network security and privacy at their company. The options were very concerned, somewhat
concerned, not concerned and no opinion.
•
Among the network security and privacy issues that respondents were asked to evaluate, survey
participants were most concerned about outsiders gaining access to sensitive information by hacking
into our system.
•
Participants were least concerned about insiders having access to more files than they actually need.
What network privacy and security issues are business people concerned about?
Outsiders gaining access to sensitive information by hacking into your
system:
Very Concerned 55%
Somewhat Concerned 32%
Not Concerned 12%
No Opinion 0%
Inappropriate insiders having access to sensitive data residing on your
file servers:
Very Concerned 40%
Somewhat Concerned 37%
Not Concerned 22%
No Opinion 1%
Competitors gaining access to private financial information or strategic
plans:
Very Concerned 40%
Somewhat Concerned 25%
Not Concerned 32%
No Opinion 2%
Insiders having access to more files than they actually need:
Very Concerned 26%
Somewhat Concerned 50%
Not Concerned 24%
No Opinion 0%
The participants’ role in the security decision-making process affected their level of
concern:
Outsiders gaining access to sensitive information by hacking into your system:
Involved in Process (n=473) 57%
Not Involved in Process (n=73) 48%
Inappropriate insiders access to sensitive data residing on your file servers:
Involved in Process (n=473) 41%
Not Involved in Process (n=73) 33%
More participants from small companies indicated they were not concerned about
network and privacy security issues:
Insiders having access to more files than they actually need:
Total Sample (n=548) 24%
Fewer than 10 Employees (n=84) 42%
Inappropriate insiders access to sensitive data residing on your file
servers:
Total Sample (n=548) 22%
Fewer than 10 Employees (n=84) 35%
Regarding network security breaches:
One in four survey participants noted that their company’s computer network has ever had a
breach of security. Respondents representing companies with 50 or more employees were more likely to
report that a network security breach had occurred.
Have you had a network security breach?
Yes
Total Sample (n=548) 22%
Under 50 Employees (n=171) 10%
50 or more Employees (n=365) 28%
No, Not aware of any
Total Sample (n=548) 66%
Under 50 Employees (n=171) 82%
50 or more Employees (n=365) 59%
Don’t know/Not sure
Total Sample (n=548) 10%
Under 50 Employees (n=171) 8%
50 or more Employees (n=365) 10%
•
Among those who reported a network security breach (122 respondents), the most frequently
mentioned breach was users accessing resources they shouldn’t be entitled to.
•
Another frequently mentioned breach is accounts left open after employee has left the company.
Types of security breaches (n=122)
Users accessing resources they shouldn’t be entitled to 57%
Accounts left open after employee has left company 43%
Been the victim of information theft from your network 30%
Access to contractors not terminated upon project completion 27%
Attempted or successful break-in by angry employee 21%
•
Among survey participants reporting security breaches, three in five reported from 1 to 3 such
breaches occurring during the past 12 months.
Frequency of security breaches in the last year (n=122)
None 16%
1 to 3 61%
4 to 6 11%
7 to 9 2%
10 or more 10%
•
Among companies with fewer than 50 employees reporting a security breach (very small sub-sample
of 17 respondents), 88% reported from 1 to 3 network security breaches in the past 12 months. There
was no mention of anything above three security breaches by companies with fewer than 50
employees.
Digital Research, Inc. is an independent market research company based in Kennebunk.
home | company | services | clients | panel | contact | privacy pledge
©2001 Digital Research, Inc.
201 Lafayette Center, Kennebunk, ME 04043 USA
webmaster@digitalresearch.com
Managed Security Readiness Report
Background
Throughout 1997 and 1998, Genuity mailed surveys to several thousand corporate
executives to learn more about their organizations' preparedness with respect to network
security. The purpose was to gain a preliminary understanding of the relative importance of
Internet security, and to deter-mine the degree of readiness to detect and repel any breach or
attempted breach of network security.
Recipients were asked to register their degree of agreement/disagreement with each of
seven different statements on Internet security:
•
Statement #1:
Internet security policy is critical to our business success.
•
Statement #2:
Our company has a well-defined, complete, and documented Internet security policy
that provides appropriate protection against unauthorized access.
•
Statement #3:
I am confident that every change to our Internet security solution has been documented
and reviewed by our IT management and systems administration staff, prior to
implementation.
•
Statement #4:
I am confident that our administrative staff is aware of and current with all known
security alerts and advisories that may impact our Internet security quality.
•
Statement #5:
We routinely assess the financial impact resulting from a compromise of our Internet
security.
•
Statement #6:
Our Internet security solution is monitored 24 hours a day, seven days a week, by
competent security experts to assure that any hostile activity is detected and stopped.
•
Statement #7:
I consider an intranet to be a possible component of our internal information
infrastructure.
The survey was conducted in three "waves". Wave One was completed in June 1997. A second
Wave was conducted and compiled in November 1997. The third Wave was completed in May
1998. Separated by only a few months, the different results highlight the important trends and
rapid changes occurring in the Internet market in general and Internet security in particular.
Key Findings
An overwhelming majority of organizations continue to recognize the critical nature of
communica-tions and applications. An overwhelming 90% of respondents in Wave Two of the
survey agree that Internet security is critical to business success.
Despite the near-unanimous consensus regarding the importance of Internet security, 43% of
respon-ders (up from 38%) were confident that their organizations were current with and aware
of all known threats that can affect secure protection and prevent unauthorized access to their
data assets.
Companies are moving swiftly to define and implement documented policies and procedures for
securing their Internet. The number has now soared to more than 72%.
However, despite strong processes in place, gaping holes still exist. Only 33% of responding
organizations have a continuous 24 hour a day, seven days a week security monitoring.
Only 29% routinely assess the financial implications of a security breach.
Commentary
Those companies that are most concerned with network perimeter security are those that are
engaged in commercial business enterprises and are most concerned about the financial (losses
resulting from a security compromise), legal (liability resulting from a security breach), or
confidentiality issues at risk. They know a security breach can happen at any time and know the
value of security plans, policies, management, and 24 x 7 monitoring.
For secure communications to occur, more and more companies have concluded that protection,
detection, and rapid-intervention measures must be implemented. This approach is fine as long
as organizations do not rely too heavily on detection and reaction and pay too little attention to
protection. PDR is used by DISA for U.S. Government security. Firewalls are only a first line of
defense that must be actively managed by trained security personnel in order to be effective.
Both managed perimeter and internal security coverage that employ trained security
professionals are now today's requirement in order to detect, repel, and respond to external and
internal security threats.
Contact Us | Legal | Acceptable Use Policy | Privacy Policy | 1-800-GENUITY
Copyright © 2002 Genuity Inc. All rights reserved.
Internal Audit
Our Audit Team will perform an exhaustive audit of your site security, internal systems and security policies. The audit seeks to expose
key vulnerabilities in your security posture at various levels of privileged access.
Echelon Audit Teams are highly skilled security professionals who have many years of hands-on experience testing corporate security.
These advanced teams are capable of testing physical, internal and Internet systems.
Results and recommendations are presented to your IT staff following the audit. Team members are available to advise clients on
security architecture matters.
Audit Scope
Site Security
Assessment
A Penetration Team will attempt to physically breach your site security and collect sensitive data which
may assist in breaching your network security and data systems. This assessment attempts to expose the
level of security awareness in your staff and facilities.
Zero Privilege
Vulnerability
Assessment
Your security posture is assessed from the "zero privilege" standpoint. We will perform a vulnerability
assessment of internal systems and data assuming network access is available without an authorized
logon. We use "zero-knowledge" techniques to map and exploit network and system vulnerabilities from
the inside similar to those a cracker might use.
User Privilege
Vulnerability
Assessment
We now assume a basic level of privilege has been obtained through exploits of previously discovered
vulnerabilities. Many vulnerabilities allowing high privilege levels are exposed only once some level of
privilege is attained.
This assessment is particularly important as it assesses vulnerabilities available to those with a limited
privilege level.
Administrative Privilege This audit focuses on the vulnerabilities available with higher levels of privileged access. We assume this
privilege level was attained through exploitation of lower level vulnerabilities or through social engineering.
Vulnerability
Since in most systems today there is little protection from the administrator this audit focuses on
Assessment
determining the scope of exposure resulting from attainment of administrative privilege levels.
Configuration Audits
Applications
•
•
•
•
desktop images (95/NT/2k)
•
•
•
•
•
•
public network
email (virus & attachments)
application servers
SQL services (ACL)
Infrastructure
Recommendations
remote connectivity
internet access (outbound)
security policy
best practices
Analyze penetration attempts and recommend corrective actions.
•
•
•
•
•
•
Price
private network
upgrades
patches
configurations
site security
security policy
design review
Price is variable based on complexity of network and number of systems. Contact us for more information.
Internal Audit
Our Audit Team will perform an exhaustive audit of your site security, internal systems and security policies. The audit seeks to expose
key vulnerabilities in your security posture at various levels of privileged access.
Echelon Audit Teams are highly skilled security professionals who have many years of hands-on experience testing corporate security.
These advanced teams are capable of testing physical, internal and Internet systems.
Results and recommendations are presented to your IT staff following the audit. Team members are available to advise clients on
security architecture matters.
Audit Scope
Site Security
Assessment
A Penetration Team will attempt to physically breach your site security and collect sensitive data which may
assist in breaching your network security and data systems. This assessment attempts to expose the level
of security awareness in your staff and facilities.
Zero Privilege
Vulnerability
Assessment
Your security posture is assessed from the "zero privilege" standpoint. We will perform a vulnerability
assessment of internal systems and data assuming network access is available without an authorized logon.
We use "zero-knowledge" techniques to map and exploit network and system vulnerabilities from the inside
similar to those a cracker might use.
User Privilege
Vulnerability
Assessment
We now assume a basic level of privilege has been obtained through exploits of previously discovered
vulnerabilities. Many vulnerabilities allowing high privilege levels are exposed only once some level of
privilege is attained.
This assessment is particularly important as it assesses vulnerabilities available to those with a limited
privilege level.
Administrative Privilege This audit focuses on the vulnerabilities available with higher levels of privileged access. We assume this
Vulnerability
privilege level was attained through exploitation of lower level vulnerabilities or through social engineering.
Assessment
Since in most systems today there is little protection from the administrator this audit focuses on determining
the scope of exposure resulting from attainment of administrative privilege levels.
Configuration Audits
Applications
Infrastructure
Recommendations
•
desktop images (95/NT/2k)
•
•
•
email (virus & attachments)
•
•
•
•
•
•
public network
SQL services (ACL)
private network
remote connectivity
Internet access (outbound)
security policy
best practices
Analyze penetration attempts and recommend corrective actions.
•
•
•
•
•
•
Price
application servers
upgrades
patches
configurations
site security
security policy
design review
Price is variable based on complexity of network and number of systems. Contact us for more information.
External Audit
Penetration Team engagements are controlled exercises designed to expose potential vulnerabilities resulting from a breach of external
network security.
The Penetration Team operates on a "zero-knowledge" basis, utilizing techniques similar to those a cracker might employ to maximize
his ability to "own" your systems.
Our Penetration Teams are highly skilled security professionals who have many years of hands-on experience testing corporate security.
These advanced teams are capable of testing physical, internal and Internet systems.
Results and recommendations are presented to your IT staff in a briefing session following the engagement. Team members are
available to advise clients on security architecture matters.
The team results are captured in a document and presented to your IT staff in a briefing session following the engagement. Team
members are available to advise clients on security architecture matters.
Penetration Methodology
Reconnaissance
Identifies visible hosts, routers, ISPs, and more from public sources using automated tools and human
expertise.
Target Profiling
Develops a detailed picture of each device identified during reconnaissance. This includes operating system
fingerprinting, software/hardware version and other information.
Vulnerability Mapping
Uses information from the target profile to map known vulnerabilities to individual host.
Target Selection
Selects the ?softest? host through creation of penetration plans for each host.
Host Penetration
Executes the penetration plans) for each host using series of exploits with proprietary and publicly available
tools.
Recommendations
Analyzes penetration attempts and makes corrective recommendations.
Price
Price is variable based on complexity of network and number of systems. Average pricing is $25,000 for a
yearly subscription which includes quarterly vulnerability assessments.
Please contact us for more information.
REFERENCES
1. The Best Time to Implement Network Security Plans - ... vulnerabilities
with Hacking Exposed: Network ... a costly struggle to have internal ... in
entrepreneurial companies where staff ... of just one security breach. ...
http://www.entrepreneur.com/Your_Business/YB_SegArticle/0,4621,300432,00.html
2. OLERAN :: Net Solutions - ... security expertise necessary to manage security
on your Internet network ... most frequent point of breach ... engineer works with your
internal staff ...
http://www.oleran.com/security.htm
3. Genuity-Managed Security-Readiness Reports - ... confident that our
administrative staff ... possible component of our internal ... financial implications of a
security breach ... are most concerned with network ...
http://www.genuity.com/services/security/sitepatrol/readiness.htm
4. Network Security Consulting Services (PDF) - ... of a potential security
breach. ... Our security staff will examine ... A well designed security infrastruc ...
DMZ) a computer or network ... the Internet and your internal ...
http://www.unisys.com/common/investors/brochures/Security_Network_Security_Con
sulting_41359506 000.pdf
5. slip sheets (PDF) - ... ports and services * Auditing internal ... Routine security
maintenance by staff ... any type of security breach ... vendor completes a full
security ... on the client's network ...
http://www.macroint.com/css/SamplePrice.pdf
6. 3101 Sec Arch Des (PDF) - ... confidential communications throughout a global
network ... transactions * Incorporate input from internal staff ... there has been a
security breach ...
http://www.vigilinx.com/pdf/SecArchDes.pdf
7. Avatier: Command Your Greatest Asset - ... secure, self service password
reset; Make your internal staff ... REDUCE THREAT OF SECURITY BREACH ... from
breaking into an organization’s network ...
http://www.avatier.com/solutions/verticals/media.htm search within this site
8. Echelon Systems Inc. - Systems that Work! - ... will attempt to physically
breach ... awareness in your staff ... Vulnerability Assessment, Your security ...
vulnerability assessment of internal ... and data assuming network ...
http://www.echelonsystems.com/security.htm
9. Hacker penetrates NY Times' network - Tech News - CNET.com - ... NY
Times' network By Robert Lemos and Margaret Kane Staff ... giant confirmed that the
security of the internal network of ... The security breach is ...
http://news.com.com/2100-1023-846215.html search within this site
10. Madison Gurkha Technology Think-Tank - ... to reduce networking,
operational, and staff ... modem entry points to its internal ... (more...); Network and
System ... Services After a possible security breach ...
http://www.madison-gurkha.com/serv_security.shtml
11. Reaction Remedies - the way it should work (PDF) - ... elements as well as
trustworthy staff ... Where the network is concerned, however ... on this form of
security. ... to be alerted when a breach ... data open to both internal ...
http://www.cai.com/offices/uk/press/aug02/security.pdf search within this site
12. Digital Research, Inc. : Company : News - ... The proportion of companies with
formal internal policies for maintaining ... employees were more likely to report that a
network security breach ...
http://www.digitalresearch.com/digitalresearch/company/art_08202001.html
13. CITY IT & The e.forum - Financial Services 2002 | Conference ... - ... are
relatively sanguine and a security breach ... Better levels of internal network security
were ... Another example was what levels of security ... Internal staff ...
http://www.cityit.co.uk/conference/ttsession.asp?Ref=secure
14. UCD Directives - ... Upon detecting a security breach, the NOC shall ... and
actions and will develop written internal ... The staff had no policy to ... The Permanent
Network Security ...
http://chancellor.ucdavis.edu/Resource/direct/1999/99-016.cfm
15. Intranet Security using Active Net Steward, the Distributed ... - ... that
have suffered a breach ... Internal and external security requirements can ... policy
(identifying breaches of policy, staff ... Computer and Network Security, ...
http://www.online-edge.co.uk/distributed-firewall.html
16. www.activis.com - News Articles - Enemy Within - ... New research shows
that network ... to important business information, internal ... staff, contractors and
staff ... minded hackers can even breach company security ...
http://www.activis.com/en/news/articles/individual_articles/enemy_within.html
17. When the Walls Fall Down: (PDF) - ... steps should be taken when internal staff ...
enterprises can benefit from powerful, network ... 90% of respondents detected
security ... as the result of a breach ...
http://www.guidancesoftware.com/support/downloads/eeewhitepaper.pdf search within
this site
18. InformationWeek > Behind The Numbers > Defenses Mount Against ... ... or more have made the internal ... that admitted to a security breach ... Former
staff members are more ... to be behind a security ... Create Wireless Public-Safety
Network 08 ...
http://www.informationweek.com/story/IWK20020703S0028 search within this site
19. Escrow Consulting Ltd - ... The Full Breach Security Assessment will assist ...
Internal Network/Computer system Vulnerabilities Danger of staff accessing data they
...
http://www.escrowconsulting.com/services/full.html
20. Security Assessments - ... your management and technical staff ... telnet activity;
Remote management; Internal ... detrimental effects of a security breach ... an
understanding of your network ...
http://www.shake.net/assessments.cfm search within this site
Related documents
The legal obligations for leaders - Marta Tomlinson
The legal obligations for leaders - Marta Tomlinson
High Court case Citation Court Procedural History Facts Issue
High Court case Citation Court Procedural History Facts Issue
Interested Industry Participant Registration Form
Interested Industry Participant Registration Form
Word - Salt Lake County
Word - Salt Lake County
Policy No. 3.1009 TITLE: Louisiana Security Breach Notification Law
Policy No. 3.1009 TITLE: Louisiana Security Breach Notification Law
Download
advertisement