Do you know how to handle insider threats? Perhaps a new mailing list can help
We like to think that the people we see every day at work are as honest and hardworking as we are (and in the event I have misspoken for you, then we hope they are more honest and hardworking 
) - but the commonly understood risk of insiders is that the bulk (upwards of 75%) of successful attacks are executed by insiders.
I suspect that some of what is considered an insider attack is really “insider error” or a variety of other accidental happenings that get lumped into the category.
However, if this is an area you’d like to explore more about, there is a new list started on the Yahoo! Groups dedicated to this topic. From the homepage description:
The insider threat group provides a forum to discuss resources and techniques to mitigate the threat posed by authorized personnel. Those interested in learning more about insider threat will benefit benefit from the exchange of tips and the opportunity to ask questions. The group is moderated to keep on topic.
As a matter of policy, group members have undertaken not to support or condone spammers. Our members do not purchase or even evaluate products from organisations that use spamming and ‘group fly posting’ as a sales tactic. Please do not waste your time or ours.
Related Link: http://www.ussecurityawareness.org
I have only recently signed up, so I’m not yet sure the relative value of this effort. My initial impression is positive and I look forward to your impressions, too.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Posted in Information Protection |
Print this post
|
Permalink
rwoerner said,
June 23, 2006 @ 9:57 am
Thanks for the link.
The threat of insiders is definately on my radar. We are all human. We all make mistakes (see the previous story). We are all occasionally stupid.
In my experience in security, most insider threats are due to error or stupidity, not malicious intent.
See Hanlon’s Razor that reads “Never attribute to malice that which can be adequately explained by stupidity.” (http://www.jargon.net/jargonfile/h/HanlonsRazor.html)
The Yahoo group is having a good discussion around trust and the insider threat. It’s worth reading. Also, the first post has some links to good articles on the Insider Threat. (BTW, check out the links.)