IT Security: Insider threats not taken seriously by most US companies

Photo: A clown participating in a 2004 Memorial Day p... (image via Wikipedia)

I have found as an auditor at the Fortune 500 level that most companies do not understand the seriousness of insider threats, do not have properly documented policies and guidelines to deal with them, and in most instances do not have trained staff to address breaches when they occur. The focus is on hardware and software to protect the perimeters and detect intrusions, but these are techno solutions that leave out the legal, human and procedural issues. For example, how can employees be reprimanded or fired if there are no written and properly authorized policies dealing with the behaviors to be controlled?

Here is a great paper from cert.org on detecting and preventing insider threats. Everyone involved in IT Security, IT Audit and Risk Management should read it.

The photo above, of an employee who clearly did not look dangerous, turned out to be of Carlos Manuel Pico de Pan y Gonzales Jimenez, better known in Black Hat circles as “The Irish Potato,” who stole 7,000,000 credit card records from his company last week. The manager of security for the company was unfortunately focused on monitoring the mail room boy, the one with the nervous twitch and funny accent.
