Preventing insider attacks

by John Evelyn on February 7, 2007

Carnegie Mellon CyLab has just published the second edition of its Common Sense Guide to Prevention and Detection of Insider Threats.  (Hat tip to The Register.)

Insider threats such as fraud or sabotage are, in many ways, the most insidious and most dangerous.  This report analyses 150 actual cases.  It recommends that companies:

  1. Institute periodic enterprise-wide risk assessments.
  2. Institute periodic security awareness training for all employees.
  3. Enforce separation of duties and least privilege (i.e. people only get the computer access and rights they need to do their job and not more).
  4. Implement strict password and account management policies.
  5. Log, monitor and audit employee online activities.
  6. Use extra caution with system administrator and privileged users.
  7. Actively defend against malicious code.
  8. Use layered defence against remote attacks.
  9. Monitor and respond to suspicious or disruptive behaviour (often the precursor to more serious problems).
  10. Deactivate computer access when someone leaves the company.
  11. Collect and save data for use in investigations.
  12. Implement secure backup and recovery processes.
  13. Clearly document insider threat controls.


Terry Verney February 7, 2007 at 9:51 am

I have received in my email a very authentic looking request to supply my personal information to an outside party pretending to be Lloyds TSB. I am a little smarter than the average bear (a bit of a giveaway in the subject bar, stating ‘Expiration Of Your Lloyds TSB Online Banking Access’). As I don’t have an account with ltsb, I figured it must have been a phish. Don’t go any further than to put it in your wastebasket with this rubbish. Lloyds, or in fact, anyone, will NEVER ask you for information in this way. Good luck
Terry

kathryn March 11, 2007 at 2:00 pm

Thanks for the advice!

kathryn
http://www.scamemail.co.uk
