Monday, August 24, 2009

Number one threat! The dreaded insider job!

After reading an article on searchsecurity.com (http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1365888,00.html), I have renewed concern for any company, large or small, to put an emphasis on combating threats from the inside. We need to go one step further than just disabling the user accounts of terminated employees. Management must take an active role in being involved with their employees. By having a close relationship, managers can spot problems and assess whether the person may become a security threat. I think there may be a deficiency in integrating the IT security department and HR so they are both on the same page. A recurring topic came up in this article: TRAINING AND POLICY. I think we will see both of these words come up frequently.

3 comments:

  1. Corporations, in these tight times, are consolidating more than ever, and running 'lean' with fewer employees per department. Employees are frequently expected to do the work of what used to be two people. So, to me, this threat is ever increasing. Particularly since many see the 'heads' of the company taking big bonuses and having large salaries, while their own salary has been cut.
    This, along with Dave's blog about DoS attacks, makes me realize how much of a threat there can be for corporations, both inside and out.

  2. Not only is the threat real, but the losses from inside attacks seem to be more than from outside.
    It was an interesting point that "Most companies will fall into three groups when it comes to policies: the company doesn't have a policy, the policy the company has is outdated and no longer valid, or the company has chosen not to enforce or selectively enforce their policies." I don't think lip service to policy alone will fix the problem. There may be a few employees who make honest mistakes because of lack of training, but making those same 'mistakes' with malicious intent is wrong whether there is a policy or not.
    As long as these companies continue to accept and/or ignore the risk of hiring and retaining the 'bad apples' just to make a couple more bucks, then the misconduct will continue to be a plague. There is an old saying that "you can't legislate morality". It gets more true every day!

  3. The key to this is what you said in your post, that management needs to have a close relationship with employees. This is a topic that is very sensitive, but a threat that is very real. I agree with training and policy, that is the best approach. This can be a very sensitive subject. People can have a lapse in judgement if they are terminated under bad conditions, or subject to great stress, or just trying to make a few extra dollars or whatever. Reminding them through policy makes it easier for everyone. That way everyone knows the rules.
