SlideShare una empresa de Scribd logo

SharePoint Security Playbook [eBook]

Imperva
Imperva

The SharePoint Security Playbook [eBook] outlines the five lines of defense you need to secure your SharePoint environment from both internal and external threats.

TecnologíaNoticias y política
1 de 15
Descargar para leer sin conexión
SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
Contents IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with business needs Challenge 2: Address compliance mandates Challenge 3: Respond to suspicious activity in real time Challenge 4: Protect Web applications from attack Challenge 5: Take control when migrating data Conclusion: SharePoint Security Checklist ABOUT IMPERVA SharePoint Security Resource Kit
It’s Time to Think about SharePoint Security The increasing use of Microsoft SharePoint to store sensitive business data and extend access and collaboration to partners, customers, and suppliers has outpaced native SharePoint security capabilities. More and more organizations are storing and accessing sensitive, regulated information through this platform. To improve business security, organizations must invest in organizing, managing, and protecting these valuable assets. By implementing the five lines of defense outlined in this playbook, you will be able to overcome operational challenges and protect your SharePoint deployments against both internal and external threats. SharePoint Security Resource Kit
CHALLENGE #1 Ensure access rights remain aligned with business needs. “ Unstructured data now accounts for SharePoint Security Gap Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then more than 90% of combined by hand to analyze. And, that analysis must be ” done manually within Excel or exported – yet again – to a the Digital Universe. third-party analytics platform. -IDC 2011 SharePoint Security Resource Kit
CHALLENGE #1 Ensure access rights remain aligned with business needs. The Play The Advantage Aggregate permissions across the entire SharePoint deployment and - Understand who has access to what data or, conversely, what data any given automate the review process to keep rights aligned with business needs. user or group can access, and how that access was assigned or inherited. - Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document. - Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews. SharePoint Security Resource Kit
CHALLENGE #2 Address compliance mandates. “ 60% of organizations have yet to bring SharePoint SharePoint Security Gap Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode into line with existing data SharePoint’s internal representation of log data before ” they can access meaningful information. compliance policies. -AIIM 2011 SharePoint Security Resource Kit
CHALLENGE #2 Address compliance mandates. The Play The Advantage Use enterprise-class technology that combines permissions and activity - Generate compliance reports on-time and tailored to each recipient’s needs. details to automate compliance reporting. - Drill down, filter, and organize data. - Enrich native data with relevant information, such as type of data, department, and data owner. SharePoint Security Resource Kit
CHALLENGE #3 Respond to suspicious activity in real time. “ 96% of breaches were avoidable through SharePoint Security Gap Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block. simple or intermediate controls. ” -Verizon Data Breach Report 2011 SharePoint Security Resource Kit
CHALLENGE #3 Respond to suspicious activity in real time. ?! The Play The Advantage Use a policy framework to build rules across SharePoint’s Web, - Monitor, control, and respond to suspicious activity in real time. file, and database components to identify suspicious behavior and - Balance the need for trust and openness with security concerns. complement native access controls. SharePoint Security Resource Kit
CHALLENGE #4 Protect Web applications from attack. “ 31% of organizations are using SharePoint for externally facing SharePoint Security Gap Native SharePoint does not include Web application firewall protection. Web sites, and another 47% are planning to do so. ” -Forrester Research, Inc. 2011 SharePoint Security Resource Kit
CHALLENGE #4 Protect Web applications from attack. Keep Out (PLEASE) ADMIN DATABASE SharePoint The Play The Advantage Deploy a proven Web application firewall (WAF) technology. - Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting. - Streamline and automate regulatory compliance. - Mitigate data risk. SharePoint Security Resource Kit
CHALLENGE #5 Take control when migrating data. “ SharePoint 2010 deployments grew SharePoint Security Gap SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint 5x in the past lacks an automated way to ensure that ACLs remain ” aligned with business needs. six months. -Global 360 2011 SharePoint Security Resource Kit
CHALLENGE #5 Take control when migrating data. The Play The Advantage Identify where excessive access rights have been granted, and use file - Keep rights aligned with business needs. activity monitoring to locate stale data that can be archived or deleted. - Free up storage space and reduce the amount of data that must be actively managed. SharePoint Security Resource Kit
SharePoint Security Checklist Jump start your Microsoft SharePoint security efforts with this quick reference guide Get ahead of all SharePoint deployments Protect Web sites from external attack Implement a SharePoint governance policy Identify SharePoint Web applications that work with sensitive data Put security requirements in place when SharePoint instances go live Deploy a Web application firewall to monitor and protect sensitive SharePoint Look beyond native SharePoint security features Web sites, portals, and intranets Specify what kind of information can be put on SharePoint Respond to suspicious activity such as external users accessing admin pages Concentrate on business-critical assets first Enable auditing for compliance and forensics Start with regulated, employee, or proprietary data, Who owns this data? and intellectual property Who accessed this data? Streamline access to a “business need-to-know” level When and what did they access? Identify and clean up dormant users and stale data Have there been repeated failed login attempts? Alert on unauthorized access Establish a regular review cycle for dormant users, stale data, and excessive rights Work with data owners to manage user access Locate data owners Create permission reports so data owners have visibility into who can access their data Validate with owners that access to data is legitimate Create usage reports so owners can see who is accessing their data SharePoint Security Resource Kit
About Imperva Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance. Find Us on the Web | Contact Us Direct | Read our Blog | Facebook | Twitter | SlideShare | YouTube Imperva Headquarters 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678 www.imperva.com SharePoint Security Resource Kit © Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Recomendados

Data center
Data centerData center
Data centergssmedia
 
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...OnePlan Solutions
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An IntroductionBaban Gaigole
 
Strategies For High Quality Serverless Applications on AWS
Strategies For High Quality Serverless Applications on AWSStrategies For High Quality Serverless Applications on AWS
Strategies For High Quality Serverless Applications on AWSIan Thomas
 
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and HailoMicroservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
GRC
GRCGRC
GRCBearingPoint
 
IBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapIBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapDATA SECURITY SOLUTIONS
 

Recomendados

Data center
Data centerData center
Data centergssmedia
 
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...
The Future of Microsoft Project Portfolio Management (PPM) for Delivering Val...OnePlan Solutions
 
Apache metron - An Introduction
Apache metron - An IntroductionApache metron - An Introduction
Apache metron - An IntroductionBaban Gaigole
 
Strategies For High Quality Serverless Applications on AWS
Strategies For High Quality Serverless Applications on AWSStrategies For High Quality Serverless Applications on AWS
Strategies For High Quality Serverless Applications on AWSIan Thomas
 
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and HailoMicroservices Architectures: Become a Unicorn like Netflix, Twitter and Hailo
Microservices Architectures: Become a Unicorn like Netflix, Twitter and Hailogjuljo
 
Segregation of Duties Solutions
Segregation of Duties SolutionsSegregation of Duties Solutions
Segregation of Duties SolutionsAhmed Abdul Hamed
 
GRC
GRCGRC
GRCBearingPoint
 
IBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapIBM Q-radar security intelligence roadmap
IBM Q-radar security intelligence roadmapDATA SECURITY SOLUTIONS
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
Splunk Enterprise 6.4
Splunk Enterprise 6.4Splunk Enterprise 6.4
Splunk Enterprise 6.4Splunk
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Introduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your BusinessIntroduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your BusinessCygnet Infotech
 
교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료에스티이지 (STEG)
 
ITIL v4 Foundation course
ITIL v4 Foundation course ITIL v4 Foundation course
ITIL v4 Foundation course QRPInternational
 
Agile IT Service Management
Agile IT Service ManagementAgile IT Service Management
Agile IT Service ManagementIan Jones
 
Splunk for ITOps
Splunk for ITOpsSplunk for ITOps
Splunk for ITOpsSplunk
 
Web APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras GovernamentaisWeb APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras Governamentaisnitaibezerra
 
Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIBM Security
 
Implementing ITIL Change Management
Implementing ITIL Change Management Implementing ITIL Change Management
Implementing ITIL Change Management ITSM Academy, Inc.
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services ArchitectureAraf Karsh Hamid
 
If you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these thingsIf you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these thingsScopism
 
6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your BusinessFabernovel
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningBharath Rao
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
 
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...ITSM Academy, Inc.
 
Observability at Scale
Observability at Scale Observability at Scale
Observability at Scale Knoldus Inc.
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 
Mother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 PermissionsMother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 PermissionsRegroove
 
SharePoint Permissions Overview
SharePoint Permissions OverviewSharePoint Permissions Overview
SharePoint Permissions OverviewFrancois Pienaar
 

Más contenido relacionado

La actualidad más candente

Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
Splunk Enterprise 6.4
Splunk Enterprise 6.4Splunk Enterprise 6.4
Splunk Enterprise 6.4Splunk
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...AlienVault
 
Introduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your BusinessIntroduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your BusinessCygnet Infotech
 
교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료에스티이지 (STEG)
 
Agile IT Service Management
Agile IT Service ManagementAgile IT Service Management
Agile IT Service ManagementIan Jones
 
Splunk for ITOps
Splunk for ITOpsSplunk for ITOps
Splunk for ITOpsSplunk
 
Web APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras GovernamentaisWeb APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras Governamentaisnitaibezerra
 
Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIBM Security
 
Implementing ITIL Change Management
Implementing ITIL Change Management Implementing ITIL Change Management
Implementing ITIL Change Management ITSM Academy, Inc.
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services ArchitectureAraf Karsh Hamid
 
If you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these thingsIf you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these thingsScopism
 
6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your BusinessFabernovel
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity PlanningBharath Rao
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
 
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...ITSM Academy, Inc.
 
Observability at Scale
Observability at Scale Observability at Scale
Observability at Scale Knoldus Inc.
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​AlgoSec
 

La actualidad más candente (20)

Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IP
 
Splunk Enterprise 6.4
Splunk Enterprise 6.4Splunk Enterprise 6.4
Splunk Enterprise 6.4
 
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera... SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
SANS Ask the Expert: An Incident Response Playbook: From Monitoring to Opera...
 
Introduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your BusinessIntroduction to SAP - Why SAP is Important for your Business
Introduction to SAP - Why SAP is Important for your Business
 
교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료교육전산망 클라우드와 ITSM 발표자료
교육전산망 클라우드와 ITSM 발표자료
 
ITIL v4 Foundation course
ITIL v4 Foundation course ITIL v4 Foundation course
ITIL v4 Foundation course
 
Agile IT Service Management
Agile IT Service ManagementAgile IT Service Management
Agile IT Service Management
 
Splunk for ITOps
Splunk for ITOpsSplunk for ITOps
Splunk for ITOps
 
Web APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras GovernamentaisWeb APIs e dados abertos - API de Compras Governamentais
Web APIs e dados abertos - API de Compras Governamentais
 
Identity Governance: Not Just For Compliance
Identity Governance: Not Just For ComplianceIdentity Governance: Not Just For Compliance
Identity Governance: Not Just For Compliance
 
Implementing ITIL Change Management
Implementing ITIL Change Management Implementing ITIL Change Management
Implementing ITIL Change Management
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Micro services Architecture
Micro services ArchitectureMicro services Architecture
Micro services Architecture
 
If you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these thingsIf you do nothing else in your SIAM programme...make sure you do these things
If you do nothing else in your SIAM programme...make sure you do these things
 
6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in Production
 
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
Site Reliability Engineering: An Enterprise Adoption Story (an ITSM Academy W...
 
Observability at Scale
Observability at Scale Observability at Scale
Observability at Scale
 
Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​Zero Trust Framework for Network Security​
Zero Trust Framework for Network Security​
 

Destacado

Mother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 PermissionsMother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 PermissionsRegroove
 
SharePoint Permissions Overview
SharePoint Permissions OverviewSharePoint Permissions Overview
SharePoint Permissions OverviewFrancois Pienaar
 
SharePoint Security A to Z
SharePoint Security A to ZSharePoint Security A to Z
SharePoint Security A to ZSteve Goldberg
 
SharePoint Permissions Worst Practices
SharePoint Permissions Worst PracticesSharePoint Permissions Worst Practices
SharePoint Permissions Worst PracticesBobby Chang
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Securitydropkic
 
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...Michael Noel
 
SharePoint 2013 Security (IT Pro)
SharePoint 2013 Security (IT Pro)SharePoint 2013 Security (IT Pro)
SharePoint 2013 Security (IT Pro)fabianmoritz
 
SharePoint Information Architecture Best Practices
SharePoint Information Architecture Best PracticesSharePoint Information Architecture Best Practices
SharePoint Information Architecture Best PracticesStephanie Lemieux
 
Introduction to SharePoint Information Architecture
Introduction to SharePoint Information ArchitectureIntroduction to SharePoint Information Architecture
Introduction to SharePoint Information ArchitectureGregory Zelfond
 
Alles Meta oder was?
Alles Meta oder was?Alles Meta oder was?
Alles Meta oder was?steffen meier
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...AntonioMaio2
 
SharePoint 2013 Einführung und Anwenderschulung
SharePoint 2013 Einführung und AnwenderschulungSharePoint 2013 Einführung und Anwenderschulung
SharePoint 2013 Einführung und AnwenderschulungLocatech IT Solutions GmbH
 
Introduction to Information Architecture
Introduction to Information ArchitectureIntroduction to Information Architecture
Introduction to Information ArchitectureMike Crabb
 

Destacado (18)

Mother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 PermissionsMother always said "Did You Ask?": SharePoint 2010 Permissions
Mother always said "Did You Ask?": SharePoint 2010 Permissions
 
SharePoint Permissions Overview
SharePoint Permissions OverviewSharePoint Permissions Overview
SharePoint Permissions Overview
 
SharePoint Security A to Z
SharePoint Security A to ZSharePoint Security A to Z
SharePoint Security A to Z
 
SharePoint Permissions Worst Practices
SharePoint Permissions Worst PracticesSharePoint Permissions Worst Practices
SharePoint Permissions Worst Practices
 
MOSS2007 Security
MOSS2007 SecurityMOSS2007 Security
MOSS2007 Security
 
SharePoint 2007 Security
SharePoint 2007 SecuritySharePoint 2007 Security
SharePoint 2007 Security
 
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
Security for SharePoint in an Insecure World - SharePoint Connections Amsterd...
 
Security & Compliance in SharePoint 2010 und SharePoint 2013
Security & Compliance in SharePoint 2010 und SharePoint 2013Security & Compliance in SharePoint 2010 und SharePoint 2013
Security & Compliance in SharePoint 2010 und SharePoint 2013
 
Metadaten und Dokumentation
Metadaten und DokumentationMetadaten und Dokumentation
Metadaten und Dokumentation
 
Webdesign mit SharePoint 2013
Webdesign mit SharePoint 2013Webdesign mit SharePoint 2013
Webdesign mit SharePoint 2013
 
SharePoint 2013 Security (IT Pro)
SharePoint 2013 Security (IT Pro)SharePoint 2013 Security (IT Pro)
SharePoint 2013 Security (IT Pro)
 
SharePoint Information Architecture Best Practices
SharePoint Information Architecture Best PracticesSharePoint Information Architecture Best Practices
SharePoint Information Architecture Best Practices
 
Introduction to SharePoint Information Architecture
Introduction to SharePoint Information ArchitectureIntroduction to SharePoint Information Architecture
Introduction to SharePoint Information Architecture
 
Alles Meta oder was?
Alles Meta oder was?Alles Meta oder was?
Alles Meta oder was?
 
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
SPTechCon Boston 2013 - Introduction to Security in Microsoft Sharepoint 2013...
 
SharePoint 2013 Einführung und Anwenderschulung
SharePoint 2013 Einführung und AnwenderschulungSharePoint 2013 Einführung und Anwenderschulung
SharePoint 2013 Einführung und Anwenderschulung
 
Introduction to Information Architecture
Introduction to Information ArchitectureIntroduction to Information Architecture
Introduction to Information Architecture
 
2010 09 29 10-00 seffen engeser
2010 09 29 10-00 seffen engeser2010 09 29 10-00 seffen engeser
2010 09 29 10-00 seffen engeser
 

Similar a SharePoint Security Playbook [eBook]

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Smart data platform for SharePoint
Smart data platform for SharePointSmart data platform for SharePoint
Smart data platform for SharePointEmmanuel Perdikis
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Smart data platform for big data
Smart data platform for big dataSmart data platform for big data
Smart data platform for big dataemmanpks
 
Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Bishop Technologies
 
InfoFusion Overview And Roadmap
InfoFusion Overview And RoadmapInfoFusion Overview And Roadmap
InfoFusion Overview And RoadmapMarten den Haring
 
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...Andris Soroka
 
CISO's Guide to Securing SharePoint
CISO's Guide to Securing SharePointCISO's Guide to Securing SharePoint
CISO's Guide to Securing SharePointImperva
 
Share point encryption
Share point encryptionShare point encryption
Share point encryptioncsmith2009
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
AvePoint Corporate Overview
AvePoint Corporate OverviewAvePoint Corporate Overview
AvePoint Corporate Overviewkimaujla
 
Webinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityWebinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityAntonioMaio2
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceMarie-Michelle Strah, PhD
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCDATAVERSITY
 
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DSRecommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DSrschrader1954
 
Everything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information WorkbenchEverything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information WorkbenchPeter Haase
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanSPS Paris
 
Microsoft Forefront - Protection 2010 for SharePoint
Microsoft Forefront - Protection 2010 for SharePoint Microsoft Forefront - Protection 2010 for SharePoint
Microsoft Forefront - Protection 2010 for SharePointMicrosoft Private Cloud
 

Similar a SharePoint Security Playbook [eBook] (20)

Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH Compliance
 
Smart data platform for SharePoint
Smart data platform for SharePointSmart data platform for SharePoint
Smart data platform for SharePoint
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH Compliance
 
Smart data platform for big data
Smart data platform for big dataSmart data platform for big data
Smart data platform for big data
 
Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...
 
InfoFusion Overview And Roadmap
InfoFusion Overview And RoadmapInfoFusion Overview And Roadmap
InfoFusion Overview And Roadmap
 
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
DSS - ITSEC Conference - Protected-Networks - An Open Door May Tempt a Saint ...
 
CISO's Guide to Securing SharePoint
CISO's Guide to Securing SharePointCISO's Guide to Securing SharePoint
CISO's Guide to Securing SharePoint
 
Share point encryption
Share point encryptionShare point encryption
Share point encryption
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: Healthcare
 
AvePoint Corporate Overview
AvePoint Corporate OverviewAvePoint Corporate Overview
AvePoint Corporate Overview
 
Webinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint SecurityWebinar: Take Control of SharePoint Security
Webinar: Take Control of SharePoint Security
 
Securing Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH ComplianceSecuring Microsoft Technologies for HITECH Compliance
Securing Microsoft Technologies for HITECH Compliance
 
Integrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLCIntegrating Information Protection Into Data Architecture & SDLC
Integrating Information Protection Into Data Architecture & SDLC
 
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DSRecommind-AXC-Data-Management-Intelligent-Information-Governance-DS
Recommind-AXC-Data-Management-Intelligent-Information-Governance-DS
 
encase enterprise
encase enterprise encase enterprise
encase enterprise
 
Everything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information WorkbenchEverything Self-Service:Linked Data Applications with the Information Workbench
Everything Self-Service:Linked Data Applications with the Information Workbench
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
B2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam LevithanB2 - The History of Content Security: Part 2 - Adam Levithan
B2 - The History of Content Security: Part 2 - Adam Levithan
 
Microsoft Forefront - Protection 2010 for SharePoint
Microsoft Forefront - Protection 2010 for SharePoint Microsoft Forefront - Protection 2010 for SharePoint
Microsoft Forefront - Protection 2010 for SharePoint
 

Más de Imperva

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyImperva
 
API Security Survey
API Security SurveyAPI Security Survey
API Security SurveyImperva
 
Imperva ppt
Imperva pptImperva ppt
Imperva pptImperva
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountImperva
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Imperva
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesImperva
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchImperva
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecurityImperva
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRImperva
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware Imperva
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged VendorsImperva
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet SophisticationImperva
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made EasyImperva
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceImperva
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyImperva
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR PlanImperva
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataImperva
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityImperva
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationImperva
 

Más de Imperva (20)

Cybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 SurveyCybersecurity and Healthcare - HIMSS 2018 Survey
Cybersecurity and Healthcare - HIMSS 2018 Survey
 
API Security Survey
API Security SurveyAPI Security Survey
API Security Survey
 
Imperva ppt
Imperva pptImperva ppt
Imperva ppt
 
Beyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked accountBeyond takeover: stories from a hacked account
Beyond takeover: stories from a hacked account
 
Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds Research: From zero to phishing in 60 seconds
Research: From zero to phishing in 60 seconds
 
Making Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to NarrativesMaking Sense of Web Attacks: From Alerts to Narratives
Making Sense of Web Attacks: From Alerts to Narratives
 
How We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over LunchHow We Blocked a 650Gb DDoS Attack Over Lunch
How We Blocked a 650Gb DDoS Attack Over Lunch
 
Survey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber SecuritySurvey: Insider Threats and Cyber Security
Survey: Insider Threats and Cyber Security
 
Companies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPRCompanies Aware, but Not Prepared for GDPR
Companies Aware, but Not Prepared for GDPR
 
Rise of Ransomware
Rise of Ransomware Rise of Ransomware
Rise of Ransomware
 
7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors7 Tips to Protect Your Data from Contractors and Privileged Vendors
7 Tips to Protect Your Data from Contractors and Privileged Vendors
 
SEO Botnet Sophistication
SEO Botnet SophisticationSEO Botnet Sophistication
SEO Botnet Sophistication
 
Phishing Made Easy
Phishing Made EasyPhishing Made Easy
Phishing Made Easy
 
Imperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation FoundationHacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 

Último

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

Último (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

SharePoint Security Playbook [eBook]

  • 1. SharePoint Security Playbook 5 Lines of Defense You Need to Secure Your SharePoint Environment SharePoint Security Resource Kit
  • 2. Contents IT’S TIME TO THINK ABOUT SHAREPOINT SECURITY Challenge 1: Ensure access rights remain aligned with business needs Challenge 2: Address compliance mandates Challenge 3: Respond to suspicious activity in real time Challenge 4: Protect Web applications from attack Challenge 5: Take control when migrating data Conclusion: SharePoint Security Checklist ABOUT IMPERVA SharePoint Security Resource Kit
  • 3. It’s Time to Think about SharePoint Security The increasing use of Microsoft SharePoint to store sensitive business data and extend access and collaboration to partners, customers, and suppliers has outpaced native SharePoint security capabilities. More and more organizations are storing and accessing sensitive, regulated information through this platform. To improve business security, organizations must invest in organizing, managing, and protecting these valuable assets. By implementing the five lines of defense outlined in this playbook, you will be able to overcome operational challenges and protect your SharePoint deployments against both internal and external threats. SharePoint Security Resource Kit
  • 4. CHALLENGE #1 Ensure access rights remain aligned with business needs. “ Unstructured data now accounts for SharePoint Security Gap Without an aggregated, centralized system to view rights information, SharePoint permissions for each site collection must first be extracted to an Excel spreadsheet and then more than 90% of combined by hand to analyze. And, that analysis must be ” done manually within Excel or exported – yet again – to a the Digital Universe. third-party analytics platform. -IDC 2011 SharePoint Security Resource Kit
  • 5. CHALLENGE #1 Ensure access rights remain aligned with business needs. The Play The Advantage Aggregate permissions across the entire SharePoint deployment and - Understand who has access to what data or, conversely, what data any given automate the review process to keep rights aligned with business needs. user or group can access, and how that access was assigned or inherited. - Simplify the process of identifying where excessive access rights have been granted, if there are dormant users, and who owns each item and document. - Help administrators and data owners establish a baseline snapshot of access rights and conduct rights reviews. SharePoint Security Resource Kit
  • 6. CHALLENGE #2 Address compliance mandates. “ 60% of organizations have yet to bring SharePoint SharePoint Security Gap Native SharePoint activity monitoring lacks an intuitive, easy-to-use interface for reporting and analytics. Without a third-party solution, businesses must first decode into line with existing data SharePoint’s internal representation of log data before ” they can access meaningful information. compliance policies. -AIIM 2011 SharePoint Security Resource Kit
  • 7. CHALLENGE #2 Address compliance mandates. The Play The Advantage Use enterprise-class technology that combines permissions and activity - Generate compliance reports on-time and tailored to each recipient’s needs. details to automate compliance reporting. - Drill down, filter, and organize data. - Enrich native data with relevant information, such as type of data, department, and data owner. SharePoint Security Resource Kit
  • 8. CHALLENGE #3 Respond to suspicious activity in real time. “ 96% of breaches were avoidable through SharePoint Security Gap Native SharePoint activity auditing does not provide the ability to automatically analyze access activity and respond with an alert or block. simple or intermediate controls. ” -Verizon Data Breach Report 2011 SharePoint Security Resource Kit
  • 9. CHALLENGE #3 Respond to suspicious activity in real time. ?! The Play The Advantage Use a policy framework to build rules across SharePoint’s Web, - Monitor, control, and respond to suspicious activity in real time. file, and database components to identify suspicious behavior and - Balance the need for trust and openness with security concerns. complement native access controls. SharePoint Security Resource Kit
  • 10. CHALLENGE #4 Protect Web applications from attack. “ 31% of organizations are using SharePoint for externally facing SharePoint Security Gap Native SharePoint does not include Web application firewall protection. Web sites, and another 47% are planning to do so. ” -Forrester Research, Inc. 2011 SharePoint Security Resource Kit
  • 11. CHALLENGE #4 Protect Web applications from attack. Keep Out (PLEASE) ADMIN DATABASE SharePoint The Play The Advantage Deploy a proven Web application firewall (WAF) technology. - Provide a powerful defense against common attacks, such as SQL injection and cross-site scripting. - Streamline and automate regulatory compliance. - Mitigate data risk. SharePoint Security Resource Kit
  • 12. CHALLENGE #5 Take control when migrating data. “ SharePoint 2010 deployments grew SharePoint Security Gap SharePoint enforces access controls for files using Access Control Lists (ACLs). What makes native permissions challenging, however, is that SharePoint 5x in the past lacks an automated way to ensure that ACLs remain ” aligned with business needs. six months. -Global 360 2011 SharePoint Security Resource Kit
  • 13. CHALLENGE #5 Take control when migrating data. The Play The Advantage Identify where excessive access rights have been granted, and use file - Keep rights aligned with business needs. activity monitoring to locate stale data that can be archived or deleted. - Free up storage space and reduce the amount of data that must be actively managed. SharePoint Security Resource Kit
  • 14. SharePoint Security Checklist Jump start your Microsoft SharePoint security efforts with this quick reference guide Get ahead of all SharePoint deployments Protect Web sites from external attack Implement a SharePoint governance policy Identify SharePoint Web applications that work with sensitive data Put security requirements in place when SharePoint instances go live Deploy a Web application firewall to monitor and protect sensitive SharePoint Look beyond native SharePoint security features Web sites, portals, and intranets Specify what kind of information can be put on SharePoint Respond to suspicious activity such as external users accessing admin pages Concentrate on business-critical assets first Enable auditing for compliance and forensics Start with regulated, employee, or proprietary data, Who owns this data? and intellectual property Who accessed this data? Streamline access to a “business need-to-know” level When and what did they access? Identify and clean up dormant users and stale data Have there been repeated failed login attempts? Alert on unauthorized access Establish a regular review cycle for dormant users, stale data, and excessive rights Work with data owners to manage user access Locate data owners Create permission reports so data owners have visibility into who can access their data Validate with owners that access to data is legitimate Create usage reports so owners can see who is accessing their data SharePoint Security Resource Kit
  • 15. About Imperva Imperva data security solutions provide visibility and control of high-value business data across critical systems within the data center. Imperva SecureSphere includes database, file, and Web application security solutions that prioritize and mitigate risks to business data, protect against hackers and malicious insiders, and streamline regulatory compliance. Find Us on the Web | Contact Us Direct | Read our Blog | Facebook | Twitter | SlideShare | YouTube Imperva Headquarters 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 Tel: +1-650-345-9000 Fax: +1-650-345-9004 Toll Free (U.S. only): +1-866-926-4678 www.imperva.com SharePoint Security Resource Kit © Copyright 2012 Imperva, Inc. All rights reserved. Imperva, the Imperva logo and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.