From: Jovi Umawing (AV-PH)
Sent: Tuesday, August 24, 2010 10:38:31 PM
To: Newsbank
Subject: [NEWSBANK] How Real is The Insider Threat?
Auto forwarded by a Rule
How real is the insider threat?
datalossdb.org - Incidents by source |
I am constantly amazed at how many norms or axioms there are in the information security field that are simply accepted and passed on to new recruits without real challenge or through falsification with data and/or logical argument. Examples include: internal IT is safer than outsourcing, physical servers are more secure than virtual, clear text transfers should be avoided at all costs and the threat from insiders is greater than external.
While there are nuggets of truth in each of these, and the answer is usually “it depends”, they are very rarely backed up by solid statistically significant, non survey based evidence and thinking has not been updated to keep up with industry trends and innovations in information security. They also seem be passed on from one CISSP (talk about a relic that belongs in the 1970’s) to another without really being challenged. I have discussed some of them such as cloud computing, virtualization and transport security in previous posts; in this let’s examine that last one: how real is the insider threat?
Quick plug: the methodology I am going to examine and contrast the insider vs. external threat is used in the Simple Security Risk Assessment application. The application will be in beta test in November 2010 (figures crossed), so if you like how it breaks down a risk assessment analysis to logical steps and would like to participate in the beta direct message me. The application will be turn-key, zero setup and easy to use. It will allow you via a web browser or mobile to plug in values for the elements I discuss below and to report on and export the overall inherent and residual risk.
More here: http://rakkhi.blogspot.com/2010/08/how-real-is-insider-threat.html
All the best,