GDPR has increased awareness of data privacy, but also of security questions. Companies have started to do data risk assessments and to look at where their data is stored, who has access to the data, etc.
Within IT Security, there are preventive measures like risk analyses and security assessments. Investigations of what has happened after a fraud, hack, or other incident are called ‘forensics’ (after the scientific methods of solving crimes).
In the latest Process Mining Café, we talked with Lucas Vousten and Vincenzo Salden about process mining in a security audit and forensics context. They discussed the most common errors that companies make, and, step by step, we went through their analysis of a ransomware attack with process mining. If you missed the live broadcast or want to re-watch the café, you can now watch the recording here.
Thanks again to Lucas and Vincenzo and all of you for joining us!
Links
Here are the links that we mentioned during the session:
- Process mining café on Privacy, Security, and Ethics
- Earlier paper on the exploitation of process mining for security audits shows how process mining can be used for more standard applications such as finding control-flow deviations, testing authorization constraints, testing Binding of Duties and Segregation of Duties constraints, testing data constraints, and testing time constraints
- Lucas recommends this article about IT security’s importance in protecting against ransomware and his interview about pen testing
After the café, Lucas also put the following seven fundamental principles together for you:
- Identification of Crown jewels. Identify all critical assets (information and systems) in your organization.
- Identify vulnerabilities. Scan all your IT components for known vulnerabilities and make a risk analysis based on availability, integrity, and confidentiality.
- Use safe settings. Check the settings of equipment, software, and network and Internet connections. Adjust default settings and look critically at features and services that are automatically ‘on’.
- Perform periodic updates. Ensure devices and software are up to date. Install security updates immediately. Turn on automatic updates so that your devices and software always run on the latest version.
- Restrict access. Define for each user which systems and data they need access to for their work. Make sure that access rights are adjusted in a timely manner if someone gets a new position or leaves the company.
- Prevent viruses and other malware. There are a few ways to prevent malware: Encourage safe employee behavior, use antivirus/anti-malware programs, download apps safely, and limit software installation.
- Incident Response Plan. Be sure to have a well-prepared contingency plan if anything goes wrong (including disaster recovery, insurance, communication, etc.).
Contact us anytime via cafe@fluxicon.com if you have questions or suggestions for the café.