Friday, February 16, 2007

Yet another "but so what" article

Allegedly, employees who will later commit sabotage have identifiable behavior traits in advance of the incident. A Carnegie Mellon University security study has details.

So, what is it that you're supposed to be afraid of?
Nearly all the cases of cybercrime investigated were carried out by people who were disgruntled and paranoid, generally showed up late, argued with colleagues and generally performed poorly.

Is that true because it's a description of IT people in general? The people doing the job of laid-off colleagues are disgruntled (and who disgruntled them? They must have been gruntled sometime in the past). Any effective security administrator is going to get called "paranoid" by somebody. Computer people are seldom morning people: they work late into the evening when things are quiet and don't come back in until after 8:45. Arguing with colleagues is downright healthy unless the colleagues are infallible, and nobody can perform well in the typical understaffed corporate environment.

The value of the study is that the majority of "insider" crime is by recently fired people who still have sensitive passwords. So revoke the passwords on termination. This is a lot easier if you have separate passwords for every employee, something that also makes accountability easier to achieve.

But one source in the article disagrees:
Macleod's solution is password management. This means ensuring that policies and standards are in place to control administrative access by containing the number of privileged accounts to three or fewer.
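The two controls at issue here, revoking a departed employee's credentials and keeping every account tied to one accountable person, plus the article source's cap of three privileged accounts, can all be checked mechanically. The following audit is an added example (not code from the post, the article or the CMU study) over constructed sample records: it reconciles an HR separation list against a directory export and reports each violation.

```python
"""Constructed offboarding audit. Added example; not from the post or the study.

Cross-checks an HR separation list against a directory export to find
accounts that survived termination, then applies two hygiene rules from
the discussion: every account maps to exactly one person (accountability)
and each system keeps at most three privileged accounts.
All records below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

MAX_PRIVILEGED_PER_SYSTEM = 3  # cap suggested by the article's source


@dataclass(frozen=True)
class Account:
    name: str
    owner: Optional[str]   # employee id; None means shared / nobody accountable
    system: str
    privileged: bool
    enabled: bool


# Constructed: HR says two people left; the directory still has their accounts.
SEPARATED: Dict[str, date] = {"e102": date(2007, 2, 1), "e115": date(2007, 2, 9)}
DIRECTORY: List[Account] = [
    Account("alice", "e101", "erp", True, True),
    Account("bob", "e102", "erp", True, True),          # left 1 Feb, still enabled
    Account("carol", "e103", "erp", True, True),
    Account("dave", "e104", "erp", True, True),         # fourth admin on erp
    Account("ops_shared", None, "backup", True, True),  # shared: no accountability
    Account("erin", "e115", "backup", False, False),    # left, correctly disabled
]


def audit(directory: List[Account], separated: Dict[str, date], today: date) -> Dict[str, List[str]]:
    """Return findings per rule: lists of account names or system names."""
    stale = sorted(a.name for a in directory
                   if a.enabled and a.owner in separated and separated[a.owner] <= today)
    shared = sorted(a.name for a in directory if a.owner is None)
    priv_count: Dict[str, int] = {}
    for a in directory:
        if a.privileged and a.enabled:
            priv_count[a.system] = priv_count.get(a.system, 0) + 1
    over_cap = sorted(s for s, n in priv_count.items() if n > MAX_PRIVILEGED_PER_SYSTEM)
    return {"stale_after_termination": stale, "shared_accounts": shared,
            "systems_over_privileged_cap": over_cap}


def audit_sample() -> Dict[str, List[str]]:
    """Run the audit on the constructed data as of the post's date."""
    return audit(DIRECTORY, SEPARATED, date(2007, 2, 16))


if __name__ == "__main__":
    for rule, hits in audit_sample().items():
        print(f"{rule}: {hits or 'none'}")
```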
I'd also recommend not poisoning the relationship between you and your IT employees, and listening to them when they warn you about dangers like laptop theft and missing backup tapes. But no, according to the article you're not supposed to listen and in fact you're supposed to treat anyone who speaks up as an enemy:
Macleod concluded: "So as far as doing the right thing, I’d suggest that you start from the basis that your IT [staffers] are the biggest risk to your organization's security, and if [any] of them disputes this, remember that arguing with colleagues was one of the clear signs of an impending attack."
That attracted a rebuttal on the geek forum Slashdot from user "millionthmonkey", who quipped:
You should assume witches are the biggest risk to your organizational security.

If any of the witches in your organization denies being a witch, remember that arguing with colleagues about it is one of the clear signs of impending witchcraft.

Another poster there, "glas_gow", wisely noted: "If they'd turned up on time, were cordial with their colleagues and performed better, they'd never have been caught."

The constructive approach is to run background checks before hiring people for sensitive positions. If that's not enough, do what banks do and require two people for important operations. There are plenty of other ways to prevent or contain damage from malicious insiders that don't say "I fear and despise you". Many of those ways also protect against just plain normal errors.
