[ Monday, April 09, 2012 ]
Protecting Against Insider Threats: was leafing through the March 26 edition of InformationWeek and found a nice piece by Mathew Schwartz, quoting Dawn Cappelli's 10 tips for protecting against insider threats. They are:
- Figure out what piece(s) of information is the most important, and protect it the most.
- Learn from past attacks.
- Recognize the threat business partners pose.
- Watch for human behavior warning signs, especially people HR already is eyeing.
- Train employees to be wary of being socially engineered.
- Resigning and terminated employees are big threats.
- Use your existing (external) security infrastructure tools to look for insider threats as well.
- Protect employee privacy and abide by state laws.
- Use all aspects of your security workforce together.
- Start an insider theft prevention program now.
Insider threats are often the biggest threat. Build strong fences, but make sure you police the area inside the walls as well.
Jeff [10:51 PM]
Blogger: HIPAA Blog - Edit your Template