Re: Keeping secrets from insiders likely to turn on you

["Al Mac Wow" <macwheel99 () wowway com>]

Depending on type of computer system used, identifying insider misbehavior,
with the data, such as embezzlement, can be incredibly easy and inexpensive.

Access logs need to be intelligible.  Some are.  They need to be viewed and
acted upon.

 

Check out Unbeaten Path.

Many similar conceptual packages are available on some other platforms, from
other firms.

 

Of course, when a company finds out that there is an insider threat in
progress, relevant managers should act accordingly, in a timely manner.  Not
like this scenario:

http://www.unbeatenpath.com/news/SODconflictBrazil.pdf 

 

In my opinion, the government could do a much better job of combating
insider threat if there was someone to go to for employees who feel
disenchanted with what the government is doing.  Like a Chaplain in the
military, or an Inspector General who will keep the contact confidential.  A
lot of whistle blowing, outside of an organization, is because a
disenchanted person feels they have nowhere to turn to complain about
something they think is unethical, or because they fear that instead of
wrong-doers being punished, rats will be punished.

 

There's also an attitude that people are more likely to be criminals when
they are struggling with personal financial misfortunes.  I'd like to see
some statistics whether there is any validity with that.  It seems to me
that many of the people who have done Ponzi schemes have been millionaires.

 

Al Mac = Alister William Macintyre

NSA = the only part of government which actually listens to the people.

-----Original Message-----
From: dataloss-bounces () datalossdb org
[mailto:dataloss-bounces () datalossdb org] On Behalf Of Audrey McNeil
Sent: Tuesday, September 10, 2013 11:35 PM
To: dataloss () datalossdb org
Subject: [Dataloss] Keeping secrets from insiders likely to turn on you

 

http://www.canberratimes.com.au/it-pro/security-it/keeping-secrets-from-insi
ders-likely-to-turn-on-you-20130910-hv1pl.html

 

<snip>

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

o()xxxx[{::::::::::::::::::::::::::::::::::::::::>
# InfoSec Builders, Breakers and Defenders - Time Square, New York City  18-21 November
# OWASP AppSecUSA 2013  -   http://www.appsecusa.org
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.