Posted by the ManGeek
Saturday, May 21st 2005 12:12 am CDT
The recent study published by CERT on insider threats is the topic of discussion on Bruce Schneier's web log [www.schneier.com] and his analysis of its value is worth regarding just prior to disregarding the study.
Perhaps this is too strongly worded, but the threat from the inside is frequently overlooked in the Information Systems arena. After all, what benefit would an internal employee gain from breaking into your confidential information? (Like the allegations [www.dailynexus.com] brought against a UCSB student.)
The limitation in this study is their point of view and the scope to which the problem is approached. At best it could be used as a scare tactic with certain types of management to show them that there is an issue. However it will result in efforts being put into the wrong areas. You could just sit down an protect yourself from the threats of rogue administrators, but that falls short of an information system policy that protects you from the gambit of insider threats.
At least it's being considered, but it's always best to do it right the first time.
Trackback URL: http://www.mangeek.com/blogc/17track.html
Posted by: ...
Monday, September 6th 2010 7:00 am CDT
No comments on file...
This site and all its contents copyright © 2010 ManGeek, Inc. All rights reserved.
All quotations copyright © to their respective source.