Risk management audit
A risk management audit function is required to ensure sensitive data and valuable assets are appropriately safeguarded. Take a hard look at who has access to sensitive

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

data and whether those accesses are appropriate. The audit function should also monitor systems and insiders to detect illicit activity. Review audit trails searching for security events and abuse of privileges. Verify directory permissions, payroll controls and accounting system configurations. Confirm backup software is appropriately configured and backups complete without error. Review network shares for sensitive information stored with wide-open permissions. Conduct office space reviews to determine if security policies and procedures are followed in practice (e.g. sensitive material is not left unattended, workstation screens are locked and laptops are secured).

Ensure accesses are systematically rescinded when personnel leave the organization or their role changes. Obtain a list of current personnel from human resources and compare it to active accounts (e.g. network accounts, remote access and local accounts on servers). Stand-alone applications must be checked as well (e.g. voicemail and company directories).

Review physical security access logs. Pay particular attention to employee visits after-hours and on the weekends. If suspicious activity is detected, cross reference video surveillance feed and system audit trials.

Conduct the assessments identified above at least quarterly. Automate auditing as much as possible to conserve resources and detect security violations as they occur. For more information, see the IIA GTAG Continuous Auditing Guide.

This article scratches the surface of insider threat mitigation. For more information, see the US-CERT Common Sense Guide to Prevention and Detection of Insider Threats. The ACM Occupational Fraud & Abuse Report provides examples of how fraud is committed and guidance for preventing and detecting it. The Yahoo insider-threat group is a good resource to keep up with current events and new developments.

As you can see the threat from within is very real. Trust is necessary but it must be controlled and monitored.


INSIDER THREAT MANAGEMENT GUIDE

  Introduction: Insider threat management
  Data organization and impact analysis
  Baseline management and control
  Implementation of baseline control
  Risk management audit
  Risk management references

This was first published in August 2006