The 3rd Kuwait Infosecurity Conference

Staff Information Security Practices: a latent threat

         Dr. Ahmed Albarrak
         Associate Professor of Medical Informatics,
         Chairman, Medical Informatics Dept.
         Director, E-learning and Knowledge Management
         College of Medicine, King Saud University
         ksuahmed@yahoo.com
         albarrak@ksu.edu.sa

Agenda

  • Introduction
  • Security threats
  • User behaviors
  • International findings in security threats
  • Security study
     – Objectives
     – Methods and settings
     – Results
  • Conclusions and recommendations

Introduction

  • Information security is a permanent challenge for any
    organization, especially governmental, health and
    academic organizations.

  • While the risk of external threats can be assessed and
    accounted for by intrusion detection and other relevant
    tools, insider threats are difficult to detect and manage
    because they primarily emerge from the malicious
    practices of authorized users.

Introduction
  • The enforcement of strict information security policies
    has therefore become one of the top priorities for
    organizations to protect data against hacking and
    unauthorized access.
  • It is well understood that technology alone cannot
    provide all aspects of information security required by
    any organization.
  • Technology can help in preventing security threats and
    breaches of security in the organization's infrastructure,
    compromises of computer system security, and insecure
    transmission of information.

Introduction

  • But it has little or no effect in cases where the unwanted
    disclosure of information takes place in other ways,
    such as acts of disloyal employees.

  • Because user threats are latent and cannot easily be
    detected by ordinary intrusion detection or access control
    mechanisms, and because user behaviour is not consistent
    across different organizations, this issue has become the
    subject of much research and investigation.

Introduction
  • Information security, privacy and confidentiality of
    patients' data in the healthcare work environment should not
    be regarded as only policies, procedures and practices.

  • Information security includes culture and mores, and should
    be considered part of the healthcare process and of
    medical ethics.

  • Information security of healthcare systems is particularly
    vital due to the sensitive nature of the information stored in
    these systems, as well as the cost associated with the
    loss of patients' data.

Introduction

  • The loss of sensitive patients' or students' data may
    cause huge damage to the organization's reputation.

  • It can reduce customer confidence, undermine the
    organization's reliability and jeopardize its competitiveness
    in the market.

  • In some cases, it can even result in legal consequences,
    fines and penalties.

Security threats

  • Information damage might take place in many forms,
    such as:
     – intrusion into the systems,
     – theft of organization data,
     – fraudulent use of data,
     – defacement of organizational websites,
     – other forms of information loss or damage.
  Such damage is caused by hackers and virus writers, as
    well as AUTHORIZED users.

Information security and user behavior
  • Organizations sometimes consider information security
    as something that can be achieved only by enhanced
    technologies (such as firewalls and intrusion detection
    software) and well-trained IT personnel,

  • while ignoring or giving little attention to the role of
    the systems' users, who represent a critical factor in the
    implementation and protection of system and data
    security.

Information security and user behavior

  • The utilization of IT in healthcare delivery, where
    services are provided by multidisciplinary teams of
    healthcare professionals and trainees in a shared
    environment, has been accompanied by several
    challenges and threats related to the privacy and
    confidentiality of patients' information. (Lekkas, 2007)

  • A breach of electronic patients' information is
    associated with particularly unbearable losses. It does
    not only lead to financial losses, but may also
    threaten patients' safety and jeopardize their lives.

International Findings In Security Threats
  • In a study by North (2006) of 465 students at Clark
    Atlanta University,
     – 23% of students replied that they had used other
       people's computers without authorization.
  • In research conducted by CISCO in 2008,
     – 2000 users in 10 countries showed that at least one
       of every 3 employees leaves their computer logged
       on and unlocked when they are away from their desk
       to take lunch or go home after working hours.

International Findings In Security Threats
  • In a survey of 381 employees of a medium-sized public
    sector agency,
     – 16% of the respondents shared passwords with other
       people. (Woodhouse, 2007)
  • In a survey study of students on password practices and
    attitudes, it was found that
     – 22% of respondents share their webmail password
       with others. (Hart, 2008)
     – A similar conclusion was also reported by CISCO (2008):
       18% of the surveyed employees share
       passwords with co-workers.

International Findings In Security Threats
  • Research and studies have shown that users are
    generally reluctant to change their passwords as well. In
    a survey given to university students at Plattsburgh
    about their attitudes and practices regarding passwords,
     – over 80% of them rarely change their password.
       (Hart, 2008)
     – Comparable results were reported in a study by
       Stanton et al.: 23% of the employees surveyed
       sometimes disclose their passwords to colleagues
       and staff members. (Stanton et al., 2004)

International Findings In Security Threats

  • A system that is totally secured from a technical point of
    view can become totally insecure through the users'
    malpractices. (Bardram, 2005)

  • The promotion of a security culture to comply with security
    policies, and raising end-user awareness of security
    issues through education, are the best practices to reduce
    security threats in the workplace environment.
    (D'Arcy, 2007)

Security study

  • A study examined breaches of information security
    originating from staff malpractices at KSU College of
    Medicine and two University Hospitals.
  The objectives of the study were:
  • to assess, evaluate and analyze the security behavior of
    users at King Saud University Hospitals, Riyadh, Saudi
    Arabia,
  • to examine whether such behavior differs across
    employee categories.

Study methods and settings

  • Data collection was done by means of a questionnaire
    distributed to a random sample of 2000 employees (220
    administrative staff, 380 physicians, 900 nursing staff
    and 500 allied health and technical staff).

  • The questions were set to address the security behavior
    of users and explore their awareness of some basic
    security and privacy issues.

  • SPSS 16© was used for all data analysis.
    A comparison was considered statistically significant if p ≤ 0.05.

Results

  • In total, 554 questionnaires were completed, on which
    the analysis was based.
  • Demographics:
     – 73% female, 27% male
     – Saudis constituted 18%
     – age: 40 +/- 0.5 yrs (mean +/- SE)
     – period of employment at the hospitals: 7 +/- 0.3 yrs
       (mean +/- SE)
     – time since the employee started using the hospital IT
       system: 6 +/- 0.2 yrs (mean +/- SE)

Results

  Respondents were distributed between professions as
    follows:
  • 62 physicians (consultants, specialists and general
    practitioners),
  • 49 administrative staff,
  • 354 nursing staff,
  • 84 allied health staff (laboratory, x-ray and other
    technicians).

Results

  Respondents (users) access the hospital IT system to
    perform at least one of the following tasks:
  • viewing and editing medical records and accessing
    the hospital information system (HIS) (47%),
  • investigating laboratory results (LAB system) (15%),
  • retrieving x-rays (22%),
  • internet and e-mail services (15%).

  • 81% of hospital staff use shared computers, and the
    proportion of nursing and allied health staff using shared
    computers is significantly higher than in other job
    categories.

  [Pie chart: personal 19%; shared 81%]

Working environment (shared workstations)

  [Bar chart: Personal vs. Shared workstations (%) for Physicians,
   Administrative, Nursing and Allied health staff; y-axis 0 to 100%]

  • 16% of respondents do not sign out of applications after
    working sessions.
  • Older employees tend to be more aware of such a
    practice than their younger counterparts (p=0.01).
  • Communication of passwords between office mates and
    friends was reported by 27% of respondents. It is more
    frequent among females than among males (p=0.0001) and
    higher among nursing staff than other job categories
    (p=0.0001).

  • The practice of NOT changing the password after it has
    become known to unauthorized persons was stated by 45% of
    participants.
  • Males are doing significantly better than females
    concerning this habit.
  • Nursing staff appear to be the least aware group about
    changing their passwords when released to others, compared
    with any other group of staff (p=0.0001).

  • 70% of respondents had never changed their default
    system-generated passwords. This practice is also more
    frequent among females compared to males and among
    nursing staff compared to other professions.

  [Pie chart: Changing the password after first being
   generated by administrator: yes 30%; no 70%]

Changing the password after first being generated by administrator

  [Bar chart: Yes vs. No (%) for Physicians, Administrative,
   Nursing and Allied health staff; y-axis 0 to 80%]

Password structure

  • Alphabets only: 53%
  • Digits only: 33%
  • Alphabets & digits: 14%
  • Alphabets, digits & symbols: 0%

Parameter                                         Response   No.   %
Use of personal or shared computer                Personal    99   19
                                                  Shared     418   81
Logging off the application after work sessions   yes        448   84
                                                  no          83   16
Allowing others to use the account without        yes        213   40
giving them the password                          no         317   60
Allowing office mates and friends to know         yes        145   27
the password                                      no         394   73
Changing the password after being known to        yes        290   55
other people                                      no         240   45
Changing the password after first being           yes        158   30
generated by administrator                        no         370   70

Allowing office mates and friends to know the password

  [Bar chart: Yes vs. No (%) for Physicians, Administrative,
   Nursing and Allied health staff; y-axis 0 to 100%]

Changing the password after being known to others

  [Bar chart: Yes vs. No (%) for Physicians, Administrative,
   Nursing and Allied health staff; y-axis 0 to 80%]

Allowing others to use the account without giving them the password

  [Bar chart: Yes vs. No (%) for Physicians, Administrative,
   Nursing and Allied health staff; y-axis 0 to 80%]

Findings

  • Although sharing of workstations is not a user choice
    and is more likely attributable to the nature of the hospital
    or work environment, it represents a latent
    security threat.
  • It can be argued that compliance with security policies
    and procedures is much harder in a multiuser shared
    environment than in other places where each user logs in
    to a dedicated personal computer.
  • In such a multiuser environment, the security practice and
    awareness of users constitute the first line of defense to
    safeguard patient data.

Findings

  • Studies have shown that users are generally reluctant to
    change their passwords.
  • Users should be initiated and encouraged to change
    their passwords whenever, for any reason, they are felt to
    have become unsafe.
  • Change of password, as a precautionary security
    measure, is highly recommended, mainly in three
    situations: after being issued by the system administrator,
    after feeling that it has become known to others, and at
    regular time intervals.
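As an added example (not part of the presentation or the study), the three situations above expressed as an audit over a constructed account export, broken down per profession the way the study's table is; the column layout, the 90-day interval and the sample records are assumptions:

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy value: the slide asks for changes at "regular time intervals"
# without naming one, so 90 days is a placeholder, not a figure from the study.
ROTATION_INTERVAL = timedelta(days=90)

# Fixed "today" for the constructed sample so results are reproducible.
SAMPLE_NOW = datetime(2023, 6, 30)


@dataclass
class AccountRecord:
    user: str
    role: str
    issued_at: datetime                          # administrator generated the initial password
    last_changed_at: datetime                    # most recent change of the password by the user
    disclosure_reported_at: Optional[datetime]   # user reported the password became known to others


# Constructed sample export (hypothetical column layout, not a real HIS format).
# last_changed_at equal to issued_at means the user never changed the initial password.
SAMPLE_EXPORT = """\
user,role,issued_at,last_changed_at,disclosure_reported_at
n001,nursing,2023-01-10,2023-01-10,
n002,nursing,2023-01-12,2023-02-01,2023-03-05
n003,nursing,2022-11-01,2023-04-15,
p001,physician,2023-02-01,2023-05-20,
p002,physician,2023-02-03,2023-02-03,2023-04-01
a001,administrative,2023-03-01,2023-06-10,2023-05-15
"""

ISSUE_KEYS = ("unchanged_since_issue", "unchanged_after_disclosure", "rotation_overdue")


def parse_export(text: str) -> list:
    """Parse the CSV export into AccountRecord objects."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        reported = row["disclosure_reported_at"]
        records.append(AccountRecord(
            user=row["user"],
            role=row["role"],
            issued_at=datetime.fromisoformat(row["issued_at"]),
            last_changed_at=datetime.fromisoformat(row["last_changed_at"]),
            disclosure_reported_at=datetime.fromisoformat(reported) if reported else None,
        ))
    return records


def check_account(rec: AccountRecord, now: datetime) -> list:
    """Return which of the three slide situations this account violates."""
    issues = []
    # 1. Never changed since the administrator issued it.
    if rec.last_changed_at <= rec.issued_at:
        issues.append("unchanged_since_issue")
    # 2. Reported as known to others, but not changed after that report.
    if rec.disclosure_reported_at is not None and rec.last_changed_at <= rec.disclosure_reported_at:
        issues.append("unchanged_after_disclosure")
    # 3. Older than the regular rotation interval.
    if now - rec.last_changed_at > ROTATION_INTERVAL:
        issues.append("rotation_overdue")
    return issues


def audit(records: list, now: datetime) -> dict:
    """Per-role counts of each violation, mirroring the study's per-profession breakdown."""
    summary = {}
    for rec in records:
        counts = summary.setdefault(rec.role, {"accounts": 0, **{k: 0 for k in ISSUE_KEYS}})
        counts["accounts"] += 1
        for issue in check_account(rec, now):
            counts[issue] += 1
    return summary


def percent(summary: dict, issue: str) -> int:
    """Overall share of accounts with the given issue, rounded like the slide's figures."""
    total = sum(c["accounts"] for c in summary.values())
    hits = sum(c[issue] for c in summary.values())
    return round(100 * hits / total) if total else 0


if __name__ == "__main__":
    result = audit(parse_export(SAMPLE_EXPORT), SAMPLE_NOW)
    for role, counts in sorted(result.items()):
        print(role, counts)
    for key in ISSUE_KEYS:
        print(f"{key}: {percent(result, key)}%")
```

The per-role dictionary is the same shape as the study's parameter table, so the same script can be pointed at a real identity-system export once the column names are mapped.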


Findings

  • This study further reveals that the staff vary in
    complying with security measures.

  • Understanding the privacy and security threats and
    challenges facing the organization is essential for building a
    holistic security process and avoiding loss of and threats to
    patient information.
  • Besides, users should be instructed to strictly comply
    with policies and procedures that prevent communication
    of passwords, use of others' accounts, and keeping
    passwords unchanged for long time intervals.

Recommendations
  • Organizations should build a sense of information
    security awareness among all staff to gain their support
    in protecting sensitive data.

  • Continuous education and evaluation of the security
    processes are major elements in that context.

  • Other measures include auto-locking and logging off
    workstations when they are not in use for a predefined period.

Conclusions

  • It is clearly proven that technical security measures
    alone can NOT prevent security breaches.
  • Insider threats are difficult to detect and manage
    because they primarily emerge from the malicious
    practices of authorized users.
  • This emphasizes that awareness training and
    education of users on information security issues are
    very important for achieving a reliable level of
    information security in any organization.

 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
 
White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management White Paper: Internal vs. External Identity Access Management
White Paper: Internal vs. External Identity Access Management
 
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM PracticesIdentity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
 
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity  access management in the cloud - Stephan Hendriks Eric IJpelaar - Identity  access management in the cloud -
Stephan Hendriks Eric IJpelaar - Identity access management in the cloud -
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access Management
 
White Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity ManagementWhite Paper: Saml as an SSO Standard for Customer Identity Management
White Paper: Saml as an SSO Standard for Customer Identity Management
 
[Webinaire] Présentation de la création de workflow avec la Plateforme Nuxeo
[Webinaire] Présentation de la création de workflow avec la Plateforme Nuxeo[Webinaire] Présentation de la création de workflow avec la Plateforme Nuxeo
[Webinaire] Présentation de la création de workflow avec la Plateforme Nuxeo
 

Semelhante a Ahmed Al Barrak - Staff information security practices - a latent threat

Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...MajedahAlkharji
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTHAwais Shibli
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...AI Publications
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overviewali raza
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdfDr. Shivashankar
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmtmadunix
 
A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelCSCJournals
 
security and usable.ppt
security and usable.pptsecurity and usable.ppt
security and usable.pptSaba651353
 
A systematic mapping study of security, trust and privacy in clouds
A systematic mapping study of security, trust and privacy in cloudsA systematic mapping study of security, trust and privacy in clouds
A systematic mapping study of security, trust and privacy in cloudsjournalBEEI
 
7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptxnichal3
 
CCNA_Security_01.ppt
CCNA_Security_01.pptCCNA_Security_01.ppt
CCNA_Security_01.pptveracru1
 
Security in Learning Management Systems: Designing Collaborative Learning Act...
Security in Learning Management Systems: Designing Collaborative Learning Act...Security in Learning Management Systems: Designing Collaborative Learning Act...
Security in Learning Management Systems: Designing Collaborative Learning Act...eLearning Papers
 
Security, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSecurity, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSheldon Byron
 
Get training in cyber security & place yourself in good companies through...
Get training in cyber security & place yourself in good companies through...Get training in cyber security & place yourself in good companies through...
Get training in cyber security & place yourself in good companies through...CCI Training Center
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network InfrastructureMuhammad Zeeshan
 
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACY
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACYTHE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACY
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACYIRJET Journal
 

Semelhante a Ahmed Al Barrak - Staff information security practices - a latent threat (20)

Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
 
Cyber Security_Presentation_KTH
Cyber Security_Presentation_KTHCyber Security_Presentation_KTH
Cyber Security_Presentation_KTH
 
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
Cultivating Proactive Cybersecurity Culture among IT Professional to Combat E...
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
 
Chapter 1 overview
Chapter 1 overviewChapter 1 overview
Chapter 1 overview
 
Network Security-Module_1.pdf
Network Security-Module_1.pdfNetwork Security-Module_1.pdf
Network Security-Module_1.pdf
 
1 info sec+risk-mgmt
1 info sec+risk-mgmt1 info sec+risk-mgmt
1 info sec+risk-mgmt
 
820 1961-1-pb
820 1961-1-pb820 1961-1-pb
820 1961-1-pb
 
Cloud_Security.pptx
Cloud_Security.pptxCloud_Security.pptx
Cloud_Security.pptx
 
A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment Model
 
security and usable.ppt
security and usable.pptsecurity and usable.ppt
security and usable.ppt
 
A systematic mapping study of security, trust and privacy in clouds
A systematic mapping study of security, trust and privacy in cloudsA systematic mapping study of security, trust and privacy in clouds
A systematic mapping study of security, trust and privacy in clouds
 
7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx7 - ENISA Smart Hospitals Study.pptx
7 - ENISA Smart Hospitals Study.pptx
 
CCNA_Security_01.ppt
CCNA_Security_01.pptCCNA_Security_01.ppt
CCNA_Security_01.ppt
 
Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2Cryptography and Network Security # Lecture 2
Cryptography and Network Security # Lecture 2
 
Security in Learning Management Systems: Designing Collaborative Learning Act...
Security in Learning Management Systems: Designing Collaborative Learning Act...Security in Learning Management Systems: Designing Collaborative Learning Act...
Security in Learning Management Systems: Designing Collaborative Learning Act...
 
Security, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptxSecurity, Compliance & Loss Prevention Part 6.pptx
Security, Compliance & Loss Prevention Part 6.pptx
 
Get training in cyber security & place yourself in good companies through...
Get training in cyber security & place yourself in good companies through...Get training in cyber security & place yourself in good companies through...
Get training in cyber security & place yourself in good companies through...
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network Infrastructure
 
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACY
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACYTHE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACY
THE CRYPTO CLUSTERING FOR ENHANCEMENT OF DATA PRIVACY
 

Mais de nooralmousa

Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testingnooralmousa
 
Mr. Bulent Teksoz - Security trends and innovations
Mr. Bulent Teksoz  - Security trends and innovationsMr. Bulent Teksoz  - Security trends and innovations
Mr. Bulent Teksoz - Security trends and innovationsnooralmousa
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub  - A case study of django web applications that are secur...Mr. Mohammed Aldoub  - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...nooralmousa
 
Mr. Khalid Shaikh - emerging trends in managing it security
Mr. Khalid Shaikh  - emerging trends in managing it securityMr. Khalid Shaikh  - emerging trends in managing it security
Mr. Khalid Shaikh - emerging trends in managing it securitynooralmousa
 
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...nooralmousa
 
Mr. Burhan Khalid - secure dev.
Mr. Burhan Khalid - secure dev.Mr. Burhan Khalid - secure dev.
Mr. Burhan Khalid - secure dev.nooralmousa
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman  - Open information security management maturity modelSudarsan Jayaraman  - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelnooralmousa
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldnooralmousa
 
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clientsRenaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clientsnooralmousa
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Mohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsMohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsnooralmousa
 
Pradeep menon how to influence people and win top management buy0in for ciso
Pradeep menon   how to influence people and win top management buy0in for cisoPradeep menon   how to influence people and win top management buy0in for ciso
Pradeep menon how to influence people and win top management buy0in for cisonooralmousa
 
Nabil Malik - Security performance metrics
Nabil Malik - Security performance metricsNabil Malik - Security performance metrics
Nabil Malik - Security performance metricsnooralmousa
 
Khaled al amri using fingerprints as private and public keys
Khaled al amri   using fingerprints as private and public keysKhaled al amri   using fingerprints as private and public keys
Khaled al amri using fingerprints as private and public keysnooralmousa
 
Hisham Dalle - Zero client computing - taking the desktop into the cloud
Hisham Dalle - Zero client computing - taking the desktop into the cloudHisham Dalle - Zero client computing - taking the desktop into the cloud
Hisham Dalle - Zero client computing - taking the desktop into the cloudnooralmousa
 
Ghassan farra it security a cio perspective
Ghassan farra   it security a cio perspectiveGhassan farra   it security a cio perspective
Ghassan farra it security a cio perspectivenooralmousa
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudnooralmousa
 

Mais de nooralmousa (17)

Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration TestingMr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
Mr. Vivek Ramachandran - Advanced Wi-­Fi Security Penetration Testing
 
Mr. Bulent Teksoz - Security trends and innovations
Mr. Bulent Teksoz  - Security trends and innovationsMr. Bulent Teksoz  - Security trends and innovations
Mr. Bulent Teksoz - Security trends and innovations
 
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
Mr. Mohammed Aldoub  - A case study of django web applications that are secur...Mr. Mohammed Aldoub  - A case study of django web applications that are secur...
Mr. Mohammed Aldoub - A case study of django web applications that are secur...
 
Mr. Khalid Shaikh - emerging trends in managing it security
Mr. Khalid Shaikh  - emerging trends in managing it securityMr. Khalid Shaikh  - emerging trends in managing it security
Mr. Khalid Shaikh - emerging trends in managing it security
 
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...Mr. Andrey Belenko - secure password managers and military-grade encryption o...
Mr. Andrey Belenko - secure password managers and military-grade encryption o...
 
Mr. Burhan Khalid - secure dev.
Mr. Burhan Khalid - secure dev.Mr. Burhan Khalid - secure dev.
Mr. Burhan Khalid - secure dev.
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman  - Open information security management maturity modelSudarsan Jayaraman  - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clientsRenaud Bido & Mohammad Shams - Hijacking web servers & clients
Renaud Bido & Mohammad Shams - Hijacking web servers & clients
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
 
Mohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environmentsMohammed Al Mulla - Best practices to secure working environments
Mohammed Al Mulla - Best practices to secure working environments
 
Pradeep menon how to influence people and win top management buy0in for ciso
Pradeep menon   how to influence people and win top management buy0in for cisoPradeep menon   how to influence people and win top management buy0in for ciso
Pradeep menon how to influence people and win top management buy0in for ciso
 
Nabil Malik - Security performance metrics
Nabil Malik - Security performance metricsNabil Malik - Security performance metrics
Nabil Malik - Security performance metrics
 
Khaled al amri using fingerprints as private and public keys
Khaled al amri   using fingerprints as private and public keysKhaled al amri   using fingerprints as private and public keys
Khaled al amri using fingerprints as private and public keys
 
Hisham Dalle - Zero client computing - taking the desktop into the cloud
Hisham Dalle - Zero client computing - taking the desktop into the cloudHisham Dalle - Zero client computing - taking the desktop into the cloud
Hisham Dalle - Zero client computing - taking the desktop into the cloud
 
Ghassan farra it security a cio perspective
Ghassan farra   it security a cio perspectiveGhassan farra   it security a cio perspective
Ghassan farra it security a cio perspective
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloud
 

Ahmed Al Barrak - Staff information security practices - a latent threat

  • 1. The 3rd Kuwait Infosecurity Conference
    Staff Information Security Practices: a latent threat
    Dr. Ahmed Albarrak, Associate Professor of Medical Informatics; Chairman, Medical Informatics Dept.; Director, E-learning and Knowledge Management; College of Medicine, King Saud University
    ksuahmed@yahoo.com, albarrak@ksu.edu.sa

  • 2. Agenda
    – Introduction
    – Security threats
    – User behaviors
    – International findings in security threats
    – Security study
      – Objectives
      – Methods and settings
      – Results
    – Conclusions and recommendations

  • 3. Introduction
    – Information security is a permanent challenge for any organization, especially governmental, health and academic organizations.
    – While the risk of external threats can be assessed and accounted for by intrusion detection and other relevant tools,
    – insider threats are difficult to detect and manage, because they primarily emerge from the malicious practices of authorized users.

  • 4. Introduction
    – The enforcement of strict information security policies has therefore become one of the top priorities for organizations to protect data against hacking and unauthorized access.
    – It is well understood that technology alone cannot provide all aspects of information security required by any organization.
    – Technology can help in preventing security threats and breaches of security in the organization's infrastructure, computer system security compromises, and insecure transmission of information.

  • 5. Introduction
    – But it has little or no effect in cases where the unwanted disclosure of information takes place in other ways, such as acts of disloyal employees.
    – Because user threats are latent and cannot easily be detected by ordinary intrusion detection or access control mechanisms, and because user behaviour is not consistent across organizations, this issue has become the subject of much research and investigation.

  • 6. Introduction
    – Information security, privacy and confidentiality of patients' data in the healthcare work environment should not be regarded as only policies, procedures and practices.
    – Information security includes culture and mores, and should be considered part of the healthcare process and medical ethics.
    – Information security of healthcare systems is particularly vital due to the sensitive nature of the information stored in these systems, as well as the cost associated with the loss of patients' data.

  • 7. Introduction
    – The loss of sensitive patients' or students' data may cause huge damage to the organization's reputation.
    – It can reduce customer confidence, undermine the organization's reliability and jeopardize its competitiveness in the market.
    – In some cases it can even result in legal consequences, fines and penalties.
  • 8. Security threats
    – Information damage might take place in many forms, such as:
      – intrusion into the systems,
      – theft of organization data,
      – fraudulent use of data,
      – defacement of organizational websites,
      – other forms of information loss or damage.
    – Such damage is caused by hackers and virus writers as well as AUTHORIZED users.

  • 9. Information security and user behavior
    – Organizations sometimes consider information security as something that can be achieved only by enhanced technologies (such as firewalls and intrusion detection software) and well-trained IT personnel,
    – while ignoring or giving little attention to the role of the systems' users, who represent a critical factor in the implementation and protection of systems and data security.

  • 10. Information security and user behavior
    – The utilization of IT in healthcare delivery, where services are provided by multidisciplinary teams of healthcare professionals and trainees in a shared environment, has been accompanied by several challenges and threats related to the privacy and confidentiality of patients' information. (Lekkas, 2007)
    – A breach of electronic patients' information is associated with particularly high loss. It does not only lead to financial losses, but may also threaten patients' safety and jeopardize their lives.

  • 11. International Findings In Security Threats
    – In a study by North (2006) of 465 students at Clark Atlanta University, 23% of students replied that they have used other people's computers without authorization.
    – Research conducted by CISCO in 2008 on 2000 users in 10 countries showed that at least one of every 3 employees leaves their computer logged on and unlocked when away from their desk to take lunch or go home after working hours.

  • 12. International Findings In Security Threats
    – In a survey of 381 employees of a medium-sized public sector agency, 16% of the respondents shared passwords with other people. (Woodhouse 2007)
    – In a survey study of students on password practices and attitudes, it was found that 22% of respondents share their webmail password with others. (Hart 2008)
    – A similar conclusion was also reported by CISCO 2008: 18% of the surveyed employees share passwords with co-workers.

  • 13. International Findings In Security Threats
    – Research and studies have shown that users are generally reluctant to change their passwords as well. In a survey given to university students at Plattsburgh about their attitudes and practices regarding passwords, over 80% of them rarely change their password. (Hart 2008)
    – Comparable results were reported in a study by Stanton et al.: 23% of the employees surveyed sometimes disclose their passwords to colleagues and staff members. (Stanton et al. 2004)

  • 14. International Findings In Security Threats
    – A system that is totally secure from a technical point of view can become totally insecure through users' malpractices. (Bardram 2005)
    – Promoting a security culture that complies with security policies, and raising end-user awareness of security issues through education, are the best practices for reducing security threats in the workplace environment. (D'Arcy 2007)
  • 15. Security study
    – A study examined breaches of information security originating from staff malpractices at KSU College of Medicine and two University Hospitals. The objectives of the study were:
      – to assess, evaluate and analyze the security behavior of users at King Saud University Hospitals, Riyadh, Saudi Arabia;
      – to examine whether such behavior differs across employee categories.

  • 16. Study methods and settings
    – Data collection was done by means of a questionnaire distributed to a random sample of 2000 employees (220 administrative staff, 380 physicians, 900 nursing staff and 500 allied health and technical staff).
    – The questions were set to address the security behavior of users and to explore their awareness of some basic security and privacy issues.
    – SPSS 16© was used for all data analysis. A comparison was held statistically significant if p ≤ 0.05.

  • 17. Results
    – In total, 554 questionnaires were completed, on which the analysis was based.
    – Demographics:
      – 73% females, 27% males
      – Saudis constituted 18%
      – age: 40 +/- 0.5 yrs (mean +/- SE)
      – period of employment at the hospitals: 7 +/- 0.3 yrs (mean +/- SE)
      – time since the employee started using the hospital IT system: 6 +/- 0.2 yrs (mean +/- SE)

  • 18. Results
    Respondents were distributed between professions as follows:
    – 62 physicians (consultants, specialists and general practitioners),
    – 49 administrative staff,
    – 354 nursing staff,
    – 84 allied health staff (laboratory, x-ray and other technicians).

  • 19. Results
    Respondents (users) access the hospital IT system to perform at least one of the following tasks:
    – viewing and editing medical records and accessing the hospital information system (HIS) (47%),
    – investigating laboratory results (LAB system) (15%),
    – retrieving x-rays (22%),
    – internet and e-mail services (15%).
  • 20. Results
    – 81% of hospital staff use shared computers, and the proportion of nursing and allied health staff using shared computers is significantly higher than in other job categories.
    [Chart: use of personal vs. shared computers: personal 19%, shared 81%]

  • 21. Working environment (shared workstations)
    [Chart: personal vs. shared workstations, % by profession (Physicians, Administrative, Nursing, Allied health staff)]

  • 22. Results
    – 16% of respondents do not sign out of applications after working sessions.
    – Older employees tend to be more aware of this practice than their younger counterparts (p=0.01).
    – Communication of passwords between office mates and friends was reported by 27% of respondents. It is more frequent among females than among males (p=0.0001) and higher among nursing staff than other job categories (p=0.0001).

  • 23. Results
    – The practice of NOT changing the password after it has become known to unauthorized persons was stated by 45% of participants.
    – Males do significantly better than females concerning this habit.
    – Nursing staff appear to be the group least aware of changing their passwords once released to others, compared with any other group of staff (p=0.0001).

  • 24. Results
    – 70% of respondents had never changed their default system-generated passwords. This practice is also more frequent among females compared to males, and among nursing staff compared to other professions.
    [Chart: changing the password after first being generated by the administrator: yes 30%, no 70%]

  • 25. Changing the password after first being generated by the administrator
    [Chart: Yes/No, % by profession (Physicians, Administrative, Nursing, Allied health staff)]

  • 26. Password structure
    – Alphabets only: 53%
    – Digits only: 33%
    – Alphabets & digits: 14%
    – Alphabets, digits & symbols: 0%

  • 27. Results (summary table)
    Parameter                                                             Response   No.   %
    Use of personal or shared computer                                    Personal    99   19
                                                                          Shared     418   81
    Logging off the application after work sessions                       yes        448   84
                                                                          no          83   16
    Allowing others to use the account without giving them the password   yes        213   40
                                                                          no         317   60
    Allowing office mates and friends to know the password                yes        145   27
                                                                          no         394   73
    Changing the password after being known to other people               yes        290   55
                                                                          no         240   45
    Changing the password after first being generated by administrator    yes        158   30
                                                                          no         370   70

  • 28. Allowing office mates and friends to know the password
    [Chart: Yes/No, % by profession (Physicians, Administrative, Nursing, Allied health staff)]

  • 29. Changing the password after being known to others
    [Chart: Yes/No, % by profession (Physicians, Administrative, Nursing, Allied health staff)]

  • 30. Allowing others to use the account without giving them the password
    [Chart: Yes/No, % by profession (Physicians, Administrative, Nursing, Allied health staff)]
• 31. Findings
    – Although sharing of workstations is not a user choice and is more likely attributable to the nature of the hospital or work environment, it nevertheless represents a latent security threat.
    – It can be argued that compliance with security policies and procedures is much harder in a multiuser, shared environment than in settings where each user logs in to a dedicated personal computer.
    – In such a multiuser environment, the security practices and awareness of users constitute the first line of defense for safeguarding patient data.
• 32. Findings
    – Studies have shown that users are generally reluctant to change their passwords.
    – Users should be prompted and encouraged to change their passwords whenever, for any reason, they feel the password has become unsafe.
    – Changing the password, as a precautionary security measure, is highly recommended in three situations: after it is first issued by the system administrator, after the user feels it has become known to others, and at regular time intervals.
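The three change-triggers above can be turned into a simple policy check that an application or helpdesk script runs against account metadata. The following is an added example written for this page, not code from the study or from any hospital system; the credential fields, the sample accounts and the 90-day rotation interval are constructed assumptions, since the slides recommend "regular time intervals" without naming one.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed rotation interval (constructed value; the slides name no period).
MAX_PASSWORD_AGE = timedelta(days=90)

# Fixed "current time" so the example is deterministic (constructed).
NOW = datetime(2010, 5, 1, 9, 0, 0)


@dataclass
class Credential:
    """Password state for one account. Field names are assumptions for this example."""
    user: str
    last_changed: datetime   # when the current password was set
    admin_generated: bool    # still the initial password issued by the administrator
    known_to_others: bool    # user reported that the password was disclosed/shared


def change_reasons(cred: Credential, now: datetime = NOW) -> list[str]:
    """Return every policy reason why this password must be changed now.

    The three triggers mirror the findings slide: administrator-issued initial
    password, password known to other people, and age beyond the regular interval.
    An empty list means the password is compliant.
    """
    reasons = []
    if cred.admin_generated:
        reasons.append("initial password issued by administrator")
    if cred.known_to_others:
        reasons.append("password known to other people")
    if now - cred.last_changed > MAX_PASSWORD_AGE:
        reasons.append(f"unchanged for more than {MAX_PASSWORD_AGE.days} days")
    return reasons


def accounts_requiring_change(creds: list[Credential], now: datetime = NOW) -> dict[str, list[str]]:
    """Map each non-compliant user to the reasons a change is required."""
    result = {}
    for cred in creds:
        reasons = change_reasons(cred, now)
        if reasons:
            result[cred.user] = reasons
    return result


# Constructed sample accounts illustrating each trigger and one compliant user.
SAMPLE_CREDENTIALS = [
    Credential("nurse01", NOW - timedelta(days=10), admin_generated=True, known_to_others=False),
    Credential("phys01", NOW - timedelta(days=5), admin_generated=False, known_to_others=True),
    Credential("admin01", NOW - timedelta(days=120), admin_generated=False, known_to_others=False),
    Credential("allied01", NOW - timedelta(days=30), admin_generated=False, known_to_others=False),
    # one account hitting all three triggers at once
    Credential("nurse02", NOW - timedelta(days=200), admin_generated=True, known_to_others=True),
]


if __name__ == "__main__":
    for user, reasons in accounts_requiring_change(SAMPLE_CREDENTIALS).items():
        print(f"{user}: change required ({'; '.join(reasons)})")
```

Reporting every matching reason rather than stopping at the first lets the helpdesk see which of the three triggers dominates, which is the same breakdown the survey tables above present.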
• 33. Findings
    – This study further reveals that staff vary in their compliance with security measures.
    – Understanding privacy and security threats, and the challenges facing the organization, is essential for building a holistic security process and avoiding loss of and threats to patient information.
    – In addition, users should be instructed to comply strictly with policies and procedures that prevent communicating passwords, using others' accounts, and keeping passwords unchanged for long time intervals.
• 34. Recommendations
    – Organizations should build a sense of information security awareness among all staff to gain their support in protecting sensitive data.
    – Continuous education and evaluation of the security processes are major elements in that context.
    – Other measures include automatic locking and logging off of workstations that have not been in use for a predefined period.
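The last recommendation matters most on the shared workstations that 81% of respondents reported using, where a session left open by one user is available to the next person at the keyboard. The block below is an added example for this page, not code from the study; it shows a two-stage idle policy (lock the screen first, terminate the session later) evaluated over constructed session records. The thresholds, the session fields and the sample data are assumptions, as the slide only says "predefined period".

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed thresholds for the two stages of the idle policy.
LOCK_AFTER = timedelta(minutes=5)      # screen lock; session state is preserved
LOGOFF_AFTER = timedelta(minutes=30)   # session terminated; next user must log in

# Fixed evaluation time so the example is deterministic (constructed).
NOW = datetime(2010, 5, 1, 12, 0, 0)


@dataclass
class Session:
    """One interactive login on a workstation. Field names are assumptions for this example."""
    user: str
    workstation: str
    last_activity: datetime
    locked: bool = False


def idle_action(session: Session, now: datetime = NOW) -> str:
    """Decide what the idle policy requires for one session.

    Returns "logoff" once the session has been idle for LOGOFF_AFTER or longer,
    "lock" once it has been idle for LOCK_AFTER or longer and is not yet locked,
    and "none" otherwise. A session that is already locked is left alone until
    the log-off threshold is reached.
    """
    idle = now - session.last_activity
    if idle >= LOGOFF_AFTER:
        return "logoff"
    if idle >= LOCK_AFTER and not session.locked:
        return "lock"
    return "none"


def enforce_idle_policy(sessions: list[Session], now: datetime = NOW) -> dict[tuple[str, str], str]:
    """Apply the policy to every session and report the actions taken.

    Locked sessions are marked as such so a later sweep does not lock them again;
    logged-off sessions are removed from the list. The returned mapping is keyed
    by (user, workstation) so a user with sessions on several shared machines
    is reported per machine.
    """
    actions = {}
    for session in list(sessions):
        action = idle_action(session, now)
        if action == "lock":
            session.locked = True
        elif action == "logoff":
            sessions.remove(session)
        if action != "none":
            actions[(session.user, session.workstation)] = action
    return actions


def sample_sessions() -> list[Session]:
    """Constructed sessions covering active, lock-due, already-locked and log-off cases."""
    return [
        Session("phys01", "ward3-pc1", NOW - timedelta(minutes=1)),                  # active
        Session("nurse01", "ward3-pc1", NOW - timedelta(minutes=7)),                 # lock due
        Session("nurse02", "ward3-pc2", NOW - timedelta(minutes=12), locked=True),   # already locked
        Session("admin01", "office-pc4", NOW - timedelta(minutes=45)),              # log off
        Session("allied01", "lab-pc2", NOW - timedelta(minutes=5)),                 # exactly at threshold
    ]


if __name__ == "__main__":
    sessions = sample_sessions()
    for (user, ws), action in enforce_idle_policy(sessions).items():
        print(f"{user}@{ws}: {action}")
    print(f"{len(sessions)} session(s) remain after enforcement")
```

Locking before logging off keeps the workstation unavailable to a passer-by without destroying the original user's work, which removes the usual reason staff give for disabling auto-lock.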
• 35. Conclusions
    – It is clearly proven that technical security measures alone can NOT prevent security breaches.
    – Insider threats are difficult to detect and manage because they primarily emerge from the malicious practices of authorized users.
    – This emphasizes that awareness training and education of users on information security issues are very important for achieving a reliable level of information security in any organization.