Information Security in the Real World. Confidentiality, Availability, Integrity, Practicality.

Wednesday, 7 October 2009

The Threat from Within

The Threat from Within.
This post from InfoSec Island highlights the threats posed by employees, as opposed to malicious entities outside the organisation. Sandra Avery chimes with Security guru David Lacey on this subject, that we underestimate the internal threats at our peril - people are both the biggest asset and biggest threat - but I would advise caution - SIEMs and DLP tools are important and can reduce the risk of exposure to insider threats, but nothing beats a good Least Privilege and Segregation of Duties exercise and ongoing maintenance of relevant controls.

If your development programmers have no access to live data, if your HR staff have no way of reading customer accounts, if it takes two people who rarely interact to move money, then there is far less for your incident detection and response tools to do.

Preventive controls win hands down, check you have implemented as many as practical before looking for detective and corrective control tools.

No comments:

Post a Comment