Risk management audit

30 Aug 2006 | SearchSecurity.com

A risk management audit function is required
to ensure sensitive data and valuable assets are appropriately safeguarded. Take
a hard look at who has access to sensitive data and whether each of those accesses
is appropriate. The audit function should also monitor systems and insiders to
detect illicit activity: review audit trails for security events and abuse of
privileges; verify directory permissions, payroll controls and accounting system
configurations; confirm backup software is correctly configured and that backups
complete without error; and review network shares for sensitive information
stored with wide-open permissions. Conduct office space reviews to determine
whether security policies and procedures are followed in practice (e.g. sensitive
material is not left unattended, workstation screens are locked and laptops are
secured).
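The share review above is the check most easily automated. The script below is an added example, not code from the article: it walks a directory tree, flags regular files that are world-readable or world-writable, and reports only those whose content matches a constructed set of sensitive-data markers (a CONFIDENTIAL classification word and a US Social Security Number shape). It assumes a POSIX filesystem, builds its own sample share in a temporary directory, and the patterns, file names and modes are all constructed for the demonstration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

# Constructed markers of sensitive content for this example: a classification word
# and the shape of a US Social Security Number. A real audit would use the
# organisation's own data-classification rules.
SENSITIVE_PATTERNS = [
    re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE),
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
]


def is_wide_open(mode: int) -> bool:
    """True when the 'other' class (everyone) may read or write the file."""
    return bool(mode & (stat.S_IROTH | stat.S_IWOTH))


def looks_sensitive(path: Path, max_bytes: int = 65536) -> bool:
    """Cheap content check: scan the first max_bytes for any sensitive pattern."""
    try:
        text = path.read_bytes()[:max_bytes].decode("utf-8", errors="ignore")
    except OSError:
        return False
    return any(p.search(text) for p in SENSITIVE_PATTERNS)


def scan_share(root: str) -> List[Dict[str, object]]:
    """Walk a share and report regular files that are both wide open and sensitive."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                st = path.lstat()  # lstat: do not follow symlinks out of the share
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if is_wide_open(st.st_mode) and looks_sensitive(path):
                findings.append({
                    "path": str(path.relative_to(root)),
                    "mode": oct(stat.S_IMODE(st.st_mode)),
                    "world_writable": bool(st.st_mode & stat.S_IWOTH),
                })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_share() -> str:
    """Create a constructed sample share in a temp dir: one real finding, two decoys."""
    root = tempfile.mkdtemp(prefix="share-")
    samples = {
        "hr/payroll.csv": ("name,ssn\nalice,123-45-6789\n", 0o666),  # sensitive and world-writable
        "hr/policy.txt": ("CONFIDENTIAL draft\n", 0o640),            # sensitive but restricted
        "public/readme.txt": ("Welcome to the share\n", 0o644),      # open but not sensitive
    }
    for rel, (content, mode) in samples.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
        os.chmod(p, mode)  # chmod sets the bits exactly, independent of umask
    return root


if __name__ == "__main__":
    root = build_sample_share()
    for f in scan_share(root):
        kind = "WORLD-WRITABLE" if f["world_writable"] else "world-readable"
        print(f"{f['mode']} {kind} {f['path']}")
```

Only `hr/payroll.csv` is reported: `hr/policy.txt` is sensitive but not open, and `public/readme.txt` is open but not sensitive. Reporting the intersection keeps the list short enough for a quarterly review to act on; a separate pass over permissions alone is the right tool for hardening the share itself.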
Ensure access is systematically rescinded when personnel leave the organization
or their role changes. Obtain a list of current personnel from human resources
and compare it to active accounts (e.g. network accounts, remote access and
local accounts on servers). Stand-alone applications must be checked as well
(e.g. voicemail and company directories), since they are easily overlooked when
only the central accounts are disabled.
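The HR-to-accounts reconciliation described above, as an added example that is not part of the original article. It takes a constructed HR roster and constructed account dumps from several systems (a directory, remote access, a server's local accounts and voicemail) and reports three kinds of exception: enabled accounts with no HR record, accounts still enabled after HR marks the person terminated, and accounts holding entitlements beyond the person's current role. The role-to-entitlement map, names and system labels are all assumptions for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Person:
    user_id: str
    role: str
    status: str  # "active" or "terminated", as HR records it


@dataclass(frozen=True)
class Account:
    system: str  # "ad", "vpn", a server's local accounts, "voicemail", ...
    user_id: str
    enabled: bool
    entitlements: FrozenSet[str] = frozenset()  # groups or roles granted on that system


# Constructed role-to-entitlement map (an organisation would take this from its own
# role definitions). Systems absent from the map are checked for ownership only.
ROLE_ENTITLEMENTS: Dict[str, Dict[str, FrozenSet[str]]] = {
    "payroll-clerk": {"ad": frozenset({"Domain Users", "Payroll"}),
                      "vpn": frozenset({"remote-access"})},
    "developer": {"ad": frozenset({"Domain Users", "Developers"}),
                  "vpn": frozenset({"remote-access"})},
}


def reconcile(roster: List[Person], accounts: List[Account]) -> List[Dict[str, str]]:
    """Compare every enabled account against the HR roster and report exceptions."""
    people = {p.user_id: p for p in roster}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account is not an exposure for this check
        person = people.get(acct.user_id)
        if person is None:
            findings.append({"system": acct.system, "user": acct.user_id,
                             "issue": "no matching HR record (orphaned account)"})
            continue
        if person.status != "active":
            findings.append({"system": acct.system, "user": acct.user_id,
                             "issue": f"still enabled although HR status is {person.status}"})
            continue
        expected = ROLE_ENTITLEMENTS.get(person.role, {}).get(acct.system)
        if expected is not None:
            extra = acct.entitlements - expected
            if extra:
                findings.append({"system": acct.system, "user": acct.user_id,
                                 "issue": f"entitlements beyond role {person.role}: "
                                          + ", ".join(sorted(extra))})
    return findings


# Constructed sample data: an HR export and account dumps from four systems.
ROSTER = [
    Person("alice", "payroll-clerk", "active"),
    Person("bob", "developer", "active"),
    Person("carol", "payroll-clerk", "terminated"),
    Person("dave", "developer", "active"),  # moved from payroll to development
]

ACCOUNTS = [
    Account("ad", "alice", True, frozenset({"Domain Users", "Payroll"})),
    Account("ad", "bob", True, frozenset({"Domain Users", "Developers"})),
    Account("ad", "carol", True, frozenset({"Domain Users", "Payroll"})),
    Account("ad", "dave", True, frozenset({"Domain Users", "Developers", "Payroll"})),
    Account("vpn", "carol", True, frozenset({"remote-access"})),
    Account("srv-finance01 (local)", "erin", True),
    Account("voicemail", "carol", True),
    Account("voicemail", "frank", False),  # already disabled: not reported
]


if __name__ == "__main__":
    for f in reconcile(ROSTER, ACCOUNTS):
        print(f"{f['system']:<22} {f['user']:<8} {f['issue']}")
```

On the sample data the run reports carol on three systems (terminated but still enabled), dave's leftover Payroll group after his move to development, and erin's local server account with no HR record. Note that the check is run per system, not per person: the voicemail and local-server entries are exactly the ones a directory-only review would miss.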
Review physical security access
logs. Pay particular attention to employee visits after hours and on
weekends. If suspicious activity is detected, cross-reference the video
surveillance feed and system audit trails.
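The badge-log review above, as an added example that is not from the article. It parses a constructed badge-reader export, flags entries that fall on a weekend or outside a constructed 07:00 to 19:00 working day, and for each flagged entry pulls the same person's events from a constructed system audit trail within a two-hour window, so the reviewer sees the physical entry and the system activity side by side. The hours, log formats, names and hosts are all assumptions for the demonstration.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed working-hours policy: badge entries outside 07:00-19:00 on a weekday,
# or at any time on Saturday/Sunday, are reviewed.
BUSINESS_START_HOUR = 7
BUSINESS_END_HOUR = 19

# Constructed sample badge-reader export: timestamp, badge holder, door, event.
BADGE_LOG = """\
2006-08-28 08:02:11,alice,front-door,entry
2006-08-28 22:47:03,bob,server-room,entry
2006-08-26 14:10:55,carol,front-door,entry
2006-08-29 18:30:00,dave,front-door,entry
2006-08-29 23:59:00,dave,front-door,exit
"""

# Constructed sample system audit trail: timestamp, account, host, event.
SYSTEM_LOG = """\
2006-08-28 22:52:40,bob,srv-finance01,logon
2006-08-28 23:05:12,bob,srv-finance01,file-copy
2006-08-29 18:45:00,dave,wkst-17,logon
"""


def parse_log(text: str, fields: List[str]) -> List[Dict[str, object]]:
    """Parse a CSV-style export into dicts; the first column is always the timestamp."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(",")
        row = dict(zip(fields, parts))
        row["ts"] = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows


def after_hours_reason(ts: datetime) -> str:
    """Return why a timestamp is outside business hours, or '' if it is not."""
    if ts.weekday() >= 5:  # Monday is 0, so 5 and 6 are Saturday and Sunday
        return "weekend"
    if ts.hour < BUSINESS_START_HOUR or ts.hour >= BUSINESS_END_HOUR:
        return "after-hours"
    return ""


def review_badge_log(badge_text: str, system_text: str,
                     window: timedelta = timedelta(hours=2)) -> List[Dict[str, object]]:
    """Flag after-hours badge entries and attach that person's system events in the window."""
    badge = parse_log(badge_text, ["time", "who", "door", "event"])
    system = parse_log(system_text, ["time", "account", "host", "event"])
    flagged = []
    for b in badge:
        if b["event"] != "entry":
            continue  # exits are not reviewed here; the entry is what opens the window
        reason = after_hours_reason(b["ts"])
        if not reason:
            continue
        related = [s for s in system
                   if s["account"] == b["who"] and b["ts"] <= s["ts"] <= b["ts"] + window]
        flagged.append({
            "who": b["who"], "door": b["door"], "when": b["time"], "reason": reason,
            "system_events": [f"{s['time']} {s['host']} {s['event']}" for s in related],
        })
    return flagged


if __name__ == "__main__":
    for f in review_badge_log(BADGE_LOG, SYSTEM_LOG):
        print(f"{f['when']} {f['who']} via {f['door']} ({f['reason']})")
        for ev in f["system_events"]:
            print("   ", ev)
```

On the sample data bob's late-evening server-room entry is flagged together with his logon and file copy on srv-finance01 a few minutes later, and carol's Saturday visit is flagged with no matching system activity; dave's 18:30 entry falls inside working hours and is not reported. The join assumes badge holder and account names match, which is worth verifying before relying on the correlation.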
Conduct the assessments identified above at
least quarterly. Automate auditing as much as possible to conserve resources and
detect security violations as they occur. For more information, see the IIA GTAG
Continuous Auditing Guide.
This article scratches the surface of insider threat
mitigation. For more information, see the US-CERT Common Sense Guide to Prevention and Detection of Insider
Threats. The ACFE Occupational Fraud & Abuse Report provides examples of
how fraud is committed and guidance for preventing and detecting it. The Yahoo
insider-threat group is a good resource for keeping up with current events and
new developments.
As you can see, the threat from within is very real. Trust is
necessary, but it must be controlled and
monitored.

INSIDER THREAT MANAGEMENT GUIDE

Introduction: Insider threat management
Data organization and impact analysis
Baseline management and control
Implementation of baseline control
Risk management audit
Risk management references