Identity Theft Prevention Information
The rise in Identity Theft had lead to 47+ states and the federal government issuing guidance on information security requirements intended to prevent identity theft. Despite increased emphasis on technical controls intended to prevent data breaches of Personally Identifiable Information (PII), Patient Health Information (PHI), Card Holder Data (CHD), and Intellectual Property (IP) – it continues to be a problem. Generally, the emphasis in controlling these types of attacks has been to prevent malicious access into the environment, however, this provides little benefit to a malicious insider or a malicious outsider should they bypass external security mechanisms. Key to Identity Theft Prevention is validating the internal control mechanisms (operational/technical) necessary to address this issue and reduce the probability of a business impacting data breach.
An Identity PII Assessment incorporates a controls gap assessment relating to those controls that are critical to maintaining the confidentiality and integrity of sensitive data, for example:
- Access Control
- Encryption
- System Auditing & Security Testing
- Network Security
- Vulnerability Management
- Security Policy & Awareness
- Data Management
Identity Management and Compliance
Increasingly complying with critical laws and regulations (e.g., Sarbanes Oxley, PCI-DSS) requires that you be able to track and verify your security policies are being properly and consistently applied on a user by user basis. Optimally leveraging the consolidation, normalization, taxonomization, reporting, and workflow capabilities of a Security Information Event Management solution is the only feasible mechanism to achieve effective Identity Management and Compliance. Normalizing all security events to the users actually responsible for those events greatly simplifies incident response, breach investigation, and provides incontrovertible evidence that relevant laws and regulations are complied with.
Making sure employees, contractors, and third parties have only the access they need can be incredibly difficult, but by leveraging PPS’s Identity Management & Compliance services organizations can benefit by using identity-enriched log events to clearly see what individual and different types of user groups are actually doing, establish baselines to detect anomalous behavior, and facilitate true access governance.
