[ Monday, April 09, 2012 ]


Protecting Against Insider Threats: I was leafing through the March 26 edition of InformationWeek and found a nice piece by Mathew Schwartz, quoting Dawn Cappelli's 10 tips for protecting against insider threats. They are:

  1. Figure out what piece(s) of information is the most important, and protect it the most.

  2. Learn from past attacks.

  3. Recognize the threat business partners pose.

  4. Watch for human behavior warning signs, especially people HR already is eyeing.

  5. Train employees to be wary of being socially engineered.

  6. Resigning and terminated employees are big threats.

  7. Use your existing (external) security infrastructure tools to look for insider threats as well.

  8. Protect employee privacy and abide by state laws.

  9. Use all aspects of your security workforce together.

  10. Start an insider theft prevention program now.

Insider threats are often the biggest threat. Build strong fences, but make sure you police the area inside the walls as well.

Jeff [10:51 PM]
