Re: Internal Security Breach Costs

["Youngquist, Jason R." <jryoungquist () CCIS EDU>]

Speaking of internal security breach costs, what methods are people
using to try and reduce the threat of an insider or a former employee
using confidential information for malicious purposes/monetary gain?

 

 

Here's a few ideas I have come up with, but I don't know how useful they
are as a deterrent.  Perform background checks on potential employees

                        *       Have a security policy that
faculty/staff has to read
                        *       Security awareness training
                        *       Employee monitoring - ie letting
employees know that they can and may be monitored.

 

 

Also, this list doesn't take into consideration former employees who
while employed had access to confidential information and could have a
copy of the data stored at their house.

 

 

Thanks.

Jason Youngquist

 

 

________________________________

From: Geoff Nathan [mailto:geoffnathan () WAYNE EDU] 
Sent: Friday, November 18, 2005 1:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Internal Security Breach Costs

 

In preparation for presenting a data custodianship policy to the
powers-that-be here at Wayne I'd like to find a couple of real-life
examples of problems caused by employee access to sensitive data (it's
easy to find reports of cases of externally hacked files).  Could anyone
point me to news reports of internal employee misuse of sensitive data
at some university?
Many thanks,

Geoff Nathan


Geoffrey S. Nathan <geoffnathan () wayne edu>
Security Policy Coordinator, Computing and Information Technology,
        and Associate Professor of English
Linguistics Program                       Phone Numbers
Department of English                     Computing and Information
Technology:  (313) 577-1259
Wayne State University                    Linguistics (English):  (313)
577-8621
Detroit, MI, 48202                        C&IT Fax: (313) 577-1338