Revised Privacy Policy and Information about Cookies

Before continuing, we ask you to review our Privacy Policy which includes how we use Cookies to help us improve the quality of your vist to Get Safe Online.


Preventing insider attacks

By Tony Neate on 07 Feb, 2007

Carnegie Mellon CyLab has just published the second edition of its Common Sense Guide to Prevention and Detection of Insider Threats.  (Hat tip to The Register.)

Insider threats such as fraud or sabotage are, in many ways, the most insidious and most dangerous.  This report analyses 150 actual cases.  It recommends that companies:

  1. Institute periodic enterprise-wide risk assessments.
  2. Institute periodic security awareness training for all employees.
  3. Enforce separation of duties and least privilege (i.e. people only get the computer access and rights they need to do their job and not more).
  4. Implement strict password and account management policies.
  5. Log, monitor and audit employee online activities.
  6. Use extra caution with system administrator and privileged users.
  7. Actively defend against malicious code.
  8. Use layered defence against remote attacks.
  9. Monitor and respond to suspicious or disruptive behaviour (often the precursor to more serious problems).
  10. Deactivate computer access when someone leaves the company.
  11. Collect and safe data for use in investigations.
  12. Implement secure backup and recovery processes.
  13. Clearly document insider threat controls.

[tags]Insider, attacks, security, CyLab, Carnegie Mellon[/tags]