Insider Risk: Finding Sensitive Files in the Enterprise Using a PC's Master File Table

Individuals whom have legitimate access to network resources, trade secrets, or otherwise sensitive data as part of their daily functions are categorized as an Insider Risk. Insider Risk has been pushed into the public eye in recent years with the Edward Snowden leaks of 2013. Snowden had a business need to access the data he retrieved but the controls around how that data was used were insufficient to protect it. It is important to note is that an Insider Risk does not have to have malicious intent. Human error can cause a data beach just as easily as a hacker can. The problem this paper address is one where users have the proper access to the resources they need while at the same time enabling an organization to monitor where that data resides during its useful lifecycle (for example, if that data is copied to a USB drive or to a cloud storage platform). This paper documents a tool that can be used to inventory known sensitive files throughout an enterprise using a PCs Master File Table. The first step in preventing an Insider Risk from causing a breach is to have an accurate assessment of where the data is, then appropriate actions can be deployed if needed. [For the full proceedings, see ED592847.]