{"id":659859,"date":"2013-05-23T08:55:03","date_gmt":"2013-05-23T12:55:03","guid":{"rendered":"http:\/\/gigaom.com\/?p=646270"},"modified":"2013-05-23T08:55:03","modified_gmt":"2013-05-23T12:55:03","slug":"sponsored-post-determining-the-root-cause-of-a-data-breach-using-the-5-whys","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/659859","title":{"rendered":"Sponsored post: Determining the root cause of a data breach using \u201cthe 5 Whys\u201d"},"content":{"rendered":"

There is a fun little question-asking technique called the 5 Whys<\/a>. It was developed by Sakichi Toyoda at Toyota to determine the root cause — and solution — to any given problem in the manufacturing process. The technique has been borrowed by coders, sysadmins and executives alike. Let\u2019s say a CIO just learned that a data breach occurred in which 50,000 sensitive files had been stolen from the company. Below is the 5 Whys exercise that this exec worked out:<\/p>\n

Problem: 50,000 files were stolen.
Why? The files were accessible to everyone in the company, even guests.
Why? The folder\u2019s access control list was configured incorrectly.
Why? Chuck the intern configured that file server in 2007 and it hasn\u2019t been reviewed since.
Why? We don\u2019t have a process to review file system permissions.
Why? Because manually reviewing every folder\u2019s ACL for problems is like searching for a needle in a haystack . . . and THERE\u2019S ONLY THREE OF US AND A THOUSAND FILE SERVERS! SHEESH!<\/p>\n

See, behind every technical problem is usually a human problem!<\/p>\n

It seems like the above fictional security incident was technical in nature — the ACL was configured incorrectly. The value of the 5 Whys technique is that it encourages us to really understand the underlying cause: a nonexistent entitlement review policy.<\/p>\n

We hope this post has started you thinking about your entitlement procedures.<\/p>\n

Varonis DatAdvantage and DataPrivilege<\/a>\u00a0improve your company\u2019s breach mitigation solutions by automating the entitlement review and permissions audit process.<\/p>\n

\"\"<\/p>\n

<\/a><\/p>\n

<\/p>\n

\n\n\n
<\/a> <\/a> <\/a> <\/a> <\/a><\/td>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n

<\/a><\/p>\n

\n<\/img><\/a>\n<\/div>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

There is a fun little question-asking technique called the 5 Whys. It was developed by Sakichi Toyoda at Toyota to determine the root cause — and solution — to any given problem in the manufacturing process. The technique has been borrowed by coders, sysadmins and executives alike. Let\u2019s say a CIO just learned that a […]<\/p>\n","protected":false},"author":6612,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-659859","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/659859","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/6612"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=659859"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/659859\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=659859"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=659859"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=659859"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}