In the world of Information Security, no one knows it all, and anyone who claims to needs to be removed from your team. Learning every single day is part of the profession because, I can assure you, those who are after your data always get smarter. That being said, I try to attend as many diverse webinars, lectures, conferences and user groups as I can that broaden my knowledge and expose me to the entire world of risks and threats. I encourage you to do the same.
Recently I attended a discussion on how to identify and manage insider threats: how to check out and verify an employee, and how to continue that process through the employee’s duration at the company to mitigate their position’s risk to the company. It’s not the people who don’t have access that you have to keep an extra eye on, but rather the authorized people who have the access. Today they are a model citizen; tomorrow they could run into financial troubles, take out loans on their 401k and start to look for other means of making money. Perhaps selling the company data? Two months ago he was the center of the team BBQ; today he could put you on the front page. Trust but verify and repeat.
Out of that discussion came a good nugget that I highly encourage anyone involved with HR, Info. Sec., Infrastructure or Executive Management at your company to read: The Common Sense Guide to Mitigating Insider Threats by CERT of Carnegie Mellon University. You can download the PDF from the link.
This fourth edition of the Common Sense Guide to Mitigating Insider Threats provides the most current recommendations of the CERT® Program (part of Carnegie Mellon University’s Software Engineering Institute), based on an expanded database of more than 700 insider threat cases and continued research and analysis. It introduces the topic of insider threats, explains its intended audience and how this guide differs from previous editions, defines insider threats, and outlines current patterns and trends. The guide then describes 19 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so. Each practice includes features new to this edition: challenges to implementation, quick wins and high-impact solutions for small and large organizations, and relevant security standards. This edition also focuses on six groups within an organization (human resources, legal, physical security, data owners, information technology, and software engineering) and maps the relevant groups to each practice. The appendices provide a revised list of information security best practices, a new mapping of the guide’s practices to established security standards, a new breakdown of the practices by organizational group, and new checklists of activities for each practice.
This guide provides an easy-to-understand layout of what insider threats are and how to build around them. We are humans, and in general humans are social creatures. The problem in today’s inter-connected world is that too much trust is given to the individual person, rather than limiting the position within the company independent of the person who holds it. Trust is fine, but over time it can backfire on you. Chances are that by the time an employee gives their two-week notice, they have already taken whatever data, files and items they wanted before they put the red flag out to you.
Just another item of focus that needs more attention paid in the ever-growing world of interconnected threats and risks.
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.