securingyour.info

A typical example of whats called an insider threat, a threat that not even the best external security design or systems can stop.  The one that is built on poor access control, bad security policy and simple failure at the HR level to identify potential insider risks through regular people, roles and access assessment. Which should always be part of a regular security policy and procedure.

I agree 100% that security should not be disruptive to work flow or productivity but it must be in place, enforced and implemented. First and foremost to best suit the company’s interests, then the work processes and procedures then the employee roles and responsibilities.  There is no reason this can’t be achieved, there are POC’s all over the world from the Mom & Pops shop right through to the Blue Chip companies.

Security policy, Assessment and Access control the first three steps to avoid this happening to you, or your could simply call us.

Read the full story here

For further reading on the subject of Insider Threats read the eCrime Summary released earlier this year by CERT/US Secret Service/CSO magazine.

Source Data - http://www.net-security.org/secworld.php?id=8534

Click image for larger version