Practically Secure:: The Threat from Within

Wednesday 7 October 2009

The Threat from Within

The Threat from Within.
This post from InfoSec Island highlights the threats posed by employees, as opposed to malicious entities outside the organisation. Sandra Avery chimes with Security guru David Lacey on this subject, that we underestimate the internal threats at our peril - people are both the biggest asset and biggest threat - but I would advise caution - SIEMs and DLP tools are important and can reduce the risk of exposure to insider threats, but nothing beats a good Least Privilege and Segregation of Duties exercise and ongoing maintenance of relevant controls.

If your development programmers have no access to live data, if your HR staff have no way of reading customer accounts, if it takes two people who rarely interact to move money, then there is far less for your incident detection and response tools to do.

Preventive controls win hands down, check you have implemented as many as practical before looking for detective and corrective control tools.

No comments:

Post a Comment

What Is This Blog?

As a Security Manager, sometime Consultant and former Analyst, this blog is the product of my industry experience in Enterprise Security gained in the financial sector plus years of project, service and people management. Drawing on my experience of both System z and "distributed" access control, IBM RACF and Tivoli - with ITIL and CISSP mixed in - I blog on the practicalities of security measures, trends in governance, risk and compliance (GRC) and, occasionally, on the current mainframe renaissance.

Practically Secure:

Wednesday 7 October 2009

The Threat from Within

No comments:

Post a Comment

What Is This Blog?

Blog Archive

Blogs of Note

Practically Secure:

Wednesday 7 October 2009

The Threat from Within

No comments:

Post a Comment

What Is This Blog?

Blog Archive

Blogs of Note

Subscribe To