Information Security News mailing list archives

CIA's Ex-CISO on Preventing Leaks


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Jun 2013 06:07:44 +0000 (UTC)

http://www.bankinfosecurity.com/interviews/cias-ex-ciso-on-preventing-leaks-i-1992

By Eric Chabrow
Bank Info Security
June 21, 2013

Robert Bigman, former CISO at the CIA, says many government agencies and other organizations have yet to take adequate steps to prevent rogue systems administrators from accessing sensitive information on systems they manage.

"If you don't have vigorous security oversight, you tend to fall into the trap like a lot of organizations do, that we will not have a problem and everything will work out fine," Bigman says in an interview with Information Security Media Group. He retired last year after 15 years as the chief information security officer at the Central Intelligence Agency.

In the interview, Bigman shies away from discussing specifics about the case of Edward Snowden, the former National Security Agency systems administrator who leaked information regarding two classified intelligence-gathering programs despite his top-secret security clearance [see IT Tools Available to Stop NSA-Type Leaks]. But he offers advice on how organizations can pull in the reins on systems administrators who have wide access to many systems and data.

Too often, Bigman says, organizations focus on pumping up services by increasing the number of systems administrators to assure round-the-clock coverage. Testifying at a House Intelligence Committee hearing on June 18, NSA Director Keith Alexander said the number of systems administrators at the agency has grown to about 1,000, and its leaders are mulling reducing that number to help improve security [see NSA Outlines Steps to Reduce Leaks].

[...]


