Mitigating Leakage of Organizational Information in the Hyper-Connected Era: From the Perspectives of Managers and Employees - PowerPoint PPT Presentation



  1. Research Symposium, 21 November 2019. Mitigating Leakage of Organizational Information in the Hyper-Connected Era: From the Perspectives of Managers and Employees. Dr. Nurul Nuha Abdul Molok, Ph.D., LA27001, CCDA, Head, Department of Information Systems, Faculty of Information & Communication Technology (ICT), International Islamic University Malaysia

  2. Outline
  • From the News
  • Information leakage cases
  • Organizational information to be protected
  • Insider threats
  • Inadvertent information leakage
  • Mitigating inadvertent information leakage

  3. From the News

  4. What would happen when 5G comes?

  5. Information Leakage
  • “a breach of the confidentiality of information, typically originating from staff inside an organisation and usually resulting in internal information being disclosed into the public domain” (ISF, 2007, p.2), i.e. across organisational boundaries
  • May be intentional or unintentional
  • May be malicious or non-malicious (but inappropriate)

  6. Impacts of Leakage
  • Loss of competitive advantage, reputation and revenue
  • Penalties from breaches of confidentiality agreements
  • Malicious hackers will identify pathways into organizations

  7. Our Research Findings: What do employees disclose on social media?
  • Communicating with colleagues
    • Generally, participants communicated with colleagues about meetings, tasks, celebrations, commiserations and frustrations.
    • Employees posted about frustrations at work, typically expressing their dissatisfaction with the boss, colleagues, workloads and clients.

  8. Our Research Findings: What do employees disclose on social media?
  • Types of organizational information disclosed on Facebook
    • Information about the organization
    • Information about bosses and supervisors
    • Information about colleagues
    • Information about job description, meetings or tasks
    • Information about company events
    • Information about clients
    • Information about other stakeholders

  9. Our Research Findings: Feedback from the industry
  • Risky OSN Behaviour
    • Posting information that might be sensitive to the organization
    • Having a social media profile that is not protected
    • Accepting friends’ requests from unknown people
    • Playing games and using third party applications
    • Clicking external links
  • Security Impacts
    • Information or intelligence gathering
    • Reputational risk
    • Malware distribution
    • Identity theft
    • Network performance issue
    • Employees’ productivity level
  Garden of Knowledge and Virtue

  10. Strategies to mitigate information leakage

  11. ICT Security Policies
  • Information security policy (ISP)
    • Clear classification of confidential and sensitive information
  • Acceptable use policy of the Internet and social media
    • Aligned with business processes and job requirements
  • Must be designed, implemented, enforced and reviewed to ensure effectiveness (ISO/IEC, 2013)
  • Communicated with and understood by employees
  • Requires employees’ deep understanding of and beliefs about the severity of security breaches

  12. Security Education, Training & Awareness
  • Improves employee security behaviour by:
    • (1) building in-depth knowledge to design, implement, or operate information security programs for organisations and systems, through security education for employees with information security responsibilities;
    • (2) developing employees’ skills to perform their jobs while using IS more securely, through security training; and
    • (3) improving employees’ awareness to protect IS resources against risks, through security awareness programs.
  • Tailored awareness programs in accordance with management levels

  13. Technical Controls
  • Data leakage/loss prevention/protection (DLP) systems
    • The control mechanism for unintentional information leakage among employees that may happen through any leakage platform, including email and social media
  • Web filtering systems
  • Unified Threat Management (UTM)
    • All-in-one security appliances that include firewall, IDS/IPS, DLP, antivirus, VPN capabilities, antispam, malicious web traffic filtering, antispyware, content filtering and traffic shaping
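To make the DLP control on this slide concrete, the following is an added example (not code from the presentation or its author) of the content-inspection core of a DLP system for outbound text such as e-mail bodies or social media posts. It ties slide 11's "clear classification of confidential and sensitive information" to slide 13: messages are checked for classification markers, sensitive client names and structured identifiers, and a verdict of allow, warn (coach the employee) or block is returned. The classification markers, client names, project-code pattern and sample messages are all constructed for illustration; the Luhn check is the standard checksum used to reduce false positives on card-like digit runs.

```python
"""DLP-style inspection of outbound messages (added example, not the deck's code)."""
import re
from dataclasses import dataclass, field

# Constructed classification markers an information security policy might define.
CLASSIFICATION_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY", "RESTRICTED")

# Constructed client names the organization treats as sensitive (assumption).
SENSITIVE_CLIENTS = ("Acme Holdings", "Globex Sdn Bhd")

# Hypothetical internal project-code format, e.g. PRJ-2019-AB (assumption).
PROJECT_CODE = re.compile(r"\bPRJ-\d{4}-[A-Z]{2}\b")

# 16-digit card-like runs, optionally grouped in fours by space or hyphen.
CARD_LIKE = re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b")

# Rules whose presence blocks the message outright; the rest only warn.
BLOCKING_RULES = {"classification_marker", "card_number"}


@dataclass
class Finding:
    rule: str   # which detection rule fired
    match: str  # what matched (card numbers are masked before reporting)


@dataclass
class Verdict:
    action: str                       # "allow", "warn" or "block"
    findings: list = field(default_factory=list)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right and checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_message(text: str) -> Verdict:
    """Inspect one outbound message and decide whether it may leave the organization."""
    findings = []
    for marker in CLASSIFICATION_MARKERS:
        if marker in text.upper():
            findings.append(Finding("classification_marker", marker))
    for client in SENSITIVE_CLIENTS:
        if client.lower() in text.lower():
            findings.append(Finding("sensitive_client", client))
    for m in PROJECT_CODE.finditer(text):
        findings.append(Finding("project_code", m.group()))
    for m in CARD_LIKE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # drop phone numbers and other non-card digit runs
            masked = digits[-4:].rjust(len(digits), "*")  # never log the full number
            findings.append(Finding("card_number", masked))

    if any(f.rule in BLOCKING_RULES for f in findings):
        action = "block"
    elif findings:
        action = "warn"
    else:
        action = "allow"
    return Verdict(action, findings)


# Constructed sample posts, modelled on the disclosure types in slides 7 and 8.
SAMPLE_MESSAGES = [
    "Lunch with colleagues today, great celebration!",
    "So frustrated with project PRJ-2019-AB, boss keeps changing the scope",
    "Sharing the INTERNAL ONLY roadmap for Acme Holdings, card on file 4111 1111 1111 1111",
]


def scan_batch(messages):
    """Return (action, fired rules) per message, e.g. for a DLP audit log."""
    return [(v.action, sorted({f.rule for f in v.findings}))
            for v in map(scan_message, messages)]


if __name__ == "__main__":
    for msg, (action, rules) in zip(SAMPLE_MESSAGES, scan_batch(SAMPLE_MESSAGES)):
        print(f"{action:5s} {rules} <- {msg[:50]}")
```

A production DLP system would add channel integration (mail gateway, web proxy, endpoint agent), content fingerprinting of known documents and workflow for the warn case; the point of the example is that the policy's classification scheme is what gives the technical control its detection rules.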

  14. Our Research Findings: Mitigating inadvertent information leakage
  • The strategy was influenced by
    • Management’s perception of the security impacts of employees’ behaviour
      • The security managers’ perception of the security issue had a huge impact on which security strategy they chose
    • Management’s commitment to security initiatives
    • Assignment of security responsibility
    • Employees’ behaviour
  • Maturity framework to mitigate sensitive information leakage through social media

  15. nurulnuha@iium.edu.my
