Thursday, March 13, 2008
Insider threat in an Auditors Conference
After the case of the French bank Société Générale, the insider threat is again a hot subject in the field. It was always one of my main interests and the subject of my Master's thesis.

This article from Network Computing mentions the need to work together with HR and to put more emphasis on the human problem. There is no silver bullet technical solution. I like to advocate the need for better monitoring, from social behavior to application usage and network behavior.

Adding controls to the internal systems is usually a problem for the productivity of the organization. Because of that, it's important to work on the detection side. I believe that working with SIEM tools to integrate the different sources of information AND putting together intelligence from the human perspective is the better way to work. I know about companies that are working with SIEMs with application and infrastructure data, and when there is a reason to suspect any employee, they lower the thresholds for that person. This concept can be expanded to groups of people (departments at risk of lay-offs), geographical locations and others.

I made a presentation about it during the You Shot The Sheriff conference last year. I hope I can find time to translate it into English, improve it and submit it to other conferences; it's a hot subject now and a good speaking opportunity.
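
The threshold-lowering idea described above, sketched as an added example that is not from the original post or any SIEM product: a per-user alert threshold is scaled by risk context that HR supplies for a person, a department or a location. All user names, departments, locations, event types and factors are constructed assumptions.

```python
from collections import Counter

# Baseline: alert when a user exceeds this many events of a type per day.
BASE_THRESHOLDS = {"file_download": 100, "after_hours_login": 5}

# Risk context from HR/management (constructed values). A factor below 1.0
# lowers the threshold for every user matching that scope.
RISK_FACTORS = {
    "user": {"jdoe": 0.25},                  # individual under suspicion
    "department": {"trading-desk": 0.5},     # e.g. department facing lay-offs
    "location": {"branch-07": 0.75},         # geographical location at risk
}

# Constructed directory data: user -> organizational attributes.
DIRECTORY = {
    "jdoe": {"department": "finance", "location": "hq"},
    "asmith": {"department": "trading-desk", "location": "hq"},
    "bwong": {"department": "it", "location": "hq"},
    "clee": {"department": "it", "location": "branch-07"},
}

def effective_threshold(user, event_type):
    """Base threshold scaled by the strictest risk factor that applies."""
    attrs = DIRECTORY.get(user, {})
    factors = [RISK_FACTORS["user"].get(user, 1.0)]
    for scope in ("department", "location"):
        factors.append(RISK_FACTORS[scope].get(attrs.get(scope), 1.0))
    return max(1, int(BASE_THRESHOLDS[event_type] * min(factors)))

def evaluate(events):
    """events: (user, event_type) pairs for one day. Returns sorted alerts."""
    counts = Counter(e for e in events if e[1] in BASE_THRESHOLDS)
    alerts = []
    for (user, event_type), seen in counts.items():
        limit = effective_threshold(user, event_type)
        if seen > limit:
            alerts.append((user, event_type, seen, limit))
    return sorted(alerts)

# Constructed one-day event stream standing in for normalized SIEM events.
SAMPLE_EVENTS = (
    [("jdoe", "file_download")] * 30        # under baseline, over lowered limit
    + [("asmith", "file_download")] * 60    # department factor applies
    + [("bwong", "file_download")] * 60     # no risk context: baseline applies
    + [("clee", "after_hours_login")] * 4   # location factor applies
    + [("bwong", "after_hours_login")] * 4
)

if __name__ == "__main__":
    for user, event_type, seen, limit in evaluate(SAMPLE_EVENTS):
        print(f"ALERT {user}: {seen} x {event_type} (limit {limit})")
```

The same activity volume that passes unnoticed for `bwong` raises an alert for `asmith`, which is the effect of lowering thresholds for a group rather than adding blocking controls.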