Thursday, November 1, 2007

Right on the bullseye about the insider threat

I was planning to talk about one of my favorite resources in my blogroll, Securosis. This post about the insider threat reminded me about it. Look at these remarks from Mr. Mogull and you'll not only understand this "insider threat" better but also about a very good feed to have in your blogroll:

  1. "Once an external attacker penetrates perimeter security and/or compromises a trusted user account, they become the insider threat.

  2. Thus, from a security controls perspective it often makes little sense to distinguish between the insider threat and external attackers- there are those with access to your network, and those without. Some are authorized, some aren’t.

  3. The best defenses against malicious employees are often business process controls, not security technologies.

  4. The technology cost to reduce the risks of the insider threat to levels comparable to the external threat are materially greater without business process controls.

  5. The number of potential external attackers is the population of the Earth with access to a computer. The number of potential malicious employees is no greater than the total number of employees.

  6. If you allow contractors and partners the same access to your network and resources as your employees, but fail to apply security controls to their systems, you must assume they are compromised.
  7. Detective controls with real-time alerting and an efficient incident response process are usually more effective for protecting internal systems than preventative technology controls, which more materially increase the overall business cost by interfering with business processes.

  8. Preventative controls built into the business process are more efficient than external technological preventative controls."
Number 7 highlight is mine. That's the reason why I believe that monitoring the internal network is sooooo important.

No comments:

Post a Comment