Post reply

Insider Security Threats

  • February 5, 2012 at 10:28 pm

    #250281

    Comments posted to this topic are about the item Insider Security Threats

    Follow me on Twitter: http://www.twitter.com/way0utwest
    Forum Etiquette: How to post data/code on a forum to get the best help
    My Blog: www.voiceofthedba.com

  • February 6, 2012 at 8:15 am

    #1443183

    On a personal note, I have always argued against all employees having general access to "global email boxes". This may not fall under a "security threats" category per say, but it definitely falls under your "did something inappropriate that we hadn't expected" category. I have seen employees misuse and abuse these corporate email boxes from everything from disgruntled employees airing complaints on why they did not get a raise that year, to people emailing an entire company at midnight about their food being taken from the break room refrigerator. Its nonsense, and it is a loophole that seriously needs to be addressed and closed at most companies today. Just my .02 cents. 😀

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • February 6, 2012 at 8:19 am

    #1443192

    Too much security implies too little trust/quote]

    Another large issue that causes lapses is that we frequently design things so tight that we force users to find a way to get around our design in order to do their job. I am reading America The Vulnerable, by Joel Brenner. It was recommended in one of the SANS newsletter I receive. OMG! It is absolutely amazing how even our Defense Department has caused lapses by a poor design when it comes to using the system.

    Still, our security is insufficient. I tend to be a bit naive at times, but I am learning that it is inappropriate to view people as trustworthy when it comes to my job responsibilities. While I agree with you about the too little trust, and certainly I am stating that too much security can cause problems - our industry has to find a way to make things more secure.

    I don't have any answers. I believe what we need is extremely tight security that doesn't impede the users ability to use the system. Hopefully we find a way to get there before our enemies destroy us.

    By the way, if you think I am being extreme, you haven't read the book. We read about attacks all the time, Brenner explains how these have been tracked to China (of course!), but also France and other "allies". These countries are attacking our COMPANIES! This includes Google as we know, but it also includes hospitals, power companies, defense contractors and pretty much anyone they can attack to learn our trade secrets, our military secrets, and PII for our customers. Scary does not begin to describe it.

    Dave

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply