Thursday, May 1, 2008

The insider threat - jobs at risk!

Looks like Her Majesty's Revenue & Customs does not take lightly to employees peeking at sensitive data - they have disciplined around 600 employees.

Lots of questions come up - intentional breach, stupid mistakes etc. If the data were protected with the right policies and access controls would this have been prevented?

My Dad always said when I leave stuff in my car seat - "Don't tempt folks. Even if they are not thieves, the sight of something valuable can turn people". I started believing this after my car was broken into and it turned out to be a neighbor kid.

I firmly believe that taking temptation away (in this case not having access to data you should not) is a great strategy. Insider threats are more troubling, since this is targeted at the most sensitive and valuable data - while the outsider threat depends a lot on luck to get to this.

No comments: