Mitigating Leakage of Organizational Information in the Hyper-Connected Era - PowerPoint PPT Presentation

Research Symposium, 21 November 2019. Mitigating Leakage of Organizational Information in the Hyper-Connected Era: From the Perspectives of Managers and Employees. Dr. Nurul Nuha Abdul Molok, Ph.D., LA27001, CCDA


SLIDE 1

Mitigating Leakage of Organizational Information in the Hyper-Connected Era:

From the Perspectives of Managers and Employees

Dr. Nurul Nuha Abdul Molok, Ph.D., LA27001, CCDA
Head, Dept. of Information Systems
Faculty of Information & Communication Technology (ICT)
International Islamic University Malaysia
Research Symposium, 21 November 2019

SLIDE 2

Outline

  • From the News
  • Information leakage cases
  • Insider threats
  • Inadvertent information leakage
  • Organizational information to be protected
  • Mitigating inadvertent information leakage

SLIDE 3

From the News

SLIDE 4
SLIDE 5

What would happen when 5G comes?

SLIDE 6

Information Leakage

  • “a breach of the confidentiality of information, typically originating from staff inside an organisation and usually resulting in internal information being disclosed into the public domain” (ISF, 2007, p.2)
  • Across organisational boundaries
  • May be intentional and unintentional
  • May be malicious and non-malicious (but inappropriate)

SLIDE 7

Impacts of Leakage

  • loss of competitive advantage, reputation and revenue
  • penalties from breaches of confidentiality agreements
  • malicious hackers will identify pathways into organizations

SLIDE 8

Our Research Findings: What do employees disclose on social media?

  • Communicating with colleagues
  • Generally, participants communicated with colleagues about meetings, tasks, celebrations, commiserations and frustrations.
  • Employees posted about frustrations at work, typically expressing their dissatisfactions with the boss, colleagues, workloads and clients

SLIDE 9

Our Research Findings: What do employees disclose on social media?

  • Types of organizational information disclosed on Facebook
    • Information about the organization
    • Information about bosses and supervisors
    • Information about colleagues
    • Information about job description, meetings or tasks
    • Information about company events
    • Information about clients
    • Information about other stakeholders

SLIDE 10

Our Research Findings: Feedback from the industry

  • Risky OSN Behaviour
    • Posting information that might be sensitive to the organization
    • Having a social media profile that is not protected
    • Accepting friends’ requests from unknown people
    • Playing games and using third party applications
    • Clicking external links
  • Security Impacts
    • Information or intelligence gathering
    • Reputational risk
    • Malware distribution
    • Identity theft
    • Network performance issue
    • Employees’ productivity level

Garden of Knowledge and Virtue

SLIDE 11
SLIDE 12

Strategies to mitigate information leakage


SLIDE 13

ICT Security Policies

  • Information security policy (ISP)
    • clear classification of confidential and sensitive information
  • Acceptable use policy of the Internet and social media
    • aligned with business processes and job requirement
  • Must be designed, implemented, enforced and reviewed to ensure effectiveness (ISO/IEC, 2013)
  • Communicated with and understood by employees
  • Requires employees’ deep understanding and beliefs about the severity of security breaches


SLIDE 14

Security Education, Training & Awareness

  • Improves employee security behaviour by:
    • (1) building in-depth knowledge to design, implement, or operate information security programs for organisations and systems through security education for employees with information security responsibilities;
    • (2) developing employees’ skills to perform their jobs while using IS more securely through security training, and
    • (3) improving employees’ awareness to protect IS resources against risks through security awareness programs.
  • Tailored awareness programs in accordance with management levels


SLIDE 15

Technical Controls

  • Data leakage/loss prevention/protection (DLP) systems
    • as the control mechanism for unintentional information leakage among employees that may happen through any leakage platforms, including email and social media
  • Web filtering systems
  • Unified Threat Management (UTM)
    • all-in-one security appliances that include firewall, IDS/IPS, DLP, antivirus, VPN capabilities, antispam, malicious web traffic filtering, antispyware, content filtering and traffic shaping

SLIDE 16

Our Research Findings: Mitigating inadvertent information leakage

  • The strategy was influenced by
    • Management’s perception of security impacts of employees’ behaviour
      • The security managers’ perception of the security issue had a huge impact on what security strategy they chose
    • Management’s commitment to security initiatives
    • Assignment of security responsibility
    • Employees’ behaviour
  • Maturity framework to mitigate sensitive information leakage through social media


SLIDE 17

nurulnuha@iium.edu.my