CISO's Guide to Securing SharePoint - owasp

More documents

Recommendations

Info

#5: Respond to Suspicious Activity • Summary: – SharePoint is used as a place to share information – Access is granted to internal and external users – Organizations need to balance trust and openness with the ability to detect and alert on suspicious activity • Why challenging? – No automated analysis of access activity • What is Required? – Policy framework to identify suspicious behavior • Example: In the Wikileaks scenario, Manning used an automated process to crawl the SharePoint system and to siphon out available files. A simple policy on occurrences would have alerted if a certain number of files were touched in a short timeframe.
A Checklist to Securing SharePoint Get ahead of all SharePoint deployments • Implement a SharePoint governance policy. • Define security requirements before deployment • Don’t trust native security features. • Specify what kind of information can be put in SharePoint. Identify sensitive data and protect it • Use search capabilities to identify sensitive data. • Secure sensitive data held in files
Page 1 and 2: CISO’s Guide to Securing SharePoi
Page 3 and 4: Impact of SharePoint Insecurity “
Page 5 and 6: Food Brings Along Appetite External
Page 7 and 8: Source: SharePoint: Strategies and
Page 9 and 10: Source: SharePoint: Strategies and
Page 11 and 12: Type of Content Shared Other Propri
Page 13 and 14: Native SharePoint Security Capabili
Page 15 and 16: #1: Getting Permissions Right • S
Page 17 and 18: User Rights Management: Doing it Ri
Page 19 and 20: Automatic Identification of Excessi
Page 21 and 22: Reviewing User Rights with Data Own
Page 23 and 24: #2: Compliance Reporting • Summar
Page 25 and 26: SharePoint Admins Gone Wild Most po
Page 27 and 28: SharePoint Architecture - Direct Ac
Page 29 and 30: Patch Protection InfoWorld (2010):
Page 31 and 32: Google Diggity Project
Page 33: Database Protection Microsoft Suppo
Page 37 and 38: A Checklist to Securing SharePoint
Page 39: https://www.surveymonkey.com/s/Rese

CISO's Guide to Securing SharePoint - owasp

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?