THREAT MONITOR
Thwarting insider threats
Mike Chapple, CISSP
06.01.2005
Rating: --- (out of 5)
What you will learn from this tip: Five simple measures you can take to protect your organization from insider attacks.
The greatest information security threat facing your organization is in your office right now. It has the ability to bypass the physical and logical controls you've put in place to protect the perimeter of your network and has already obtained credentials to access a significant portion of your infrastructure. What is this threat? It's the often underestimated insider threat -- the risk that your users will violate the trust you've placed in them to conduct malicious activity on your network.
What can you do to protect yourself? First, you must understand the nature of the threat.
The National Threat Assessment Center of the U.S. Secret Service recently completed an Insider Threat Study in conjunction with the renowned Software Engineering Institute at Carnegie Mellon University. Here are a few interesting facts discovered by the study:
These facts are sobering and help put the problem in perspecti
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
ve. Protecting your organization against insider threats requires careful planning and foresight to develop a layered defense that reduces the scope of the risk and mitigates the effects that an incident might have on your network. Here are five simple measures you can take to protect your organization against insider attacks:
These simple measures can go a long way toward helping you protect your organization against the insider risk. Remember, however, that there is no single cure and the most important component of any security program is vigilance!
MORE INFORMATION:
About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
