http://www.darkreading.com/insider-threat/167801100/security/client-security/228800755/compliance-means-getting-a-handle-on-insider-threats.html By Diana Kelley and Ed Moyle Contributing Writers Darkreading Dec 16, 2010 [Excerpted from "Compliance From The Inside Out," a new report posted this week on Dark Reading's Insider Threat Tech Center.] When you talk about security and compliance, you typically think about protecting the organization from external attackers who want to steal sensitive corporate information. But in many cases, the reason companies fare poorly with audits has nothing to do with those bad guys but, rather, with internal threats. Small wonder. These are, after all, people we trust (there’s a reason Dante put traitors at the lowest depths of hell). But the facts tell us we are at high risk from internal attack. Studies conducted jointly by CERT and the U.S. Secret Service show about half the companies responding have experienced at least one insider incident, and about a third of all electronic crimes were committed by insiders. What’s more, the definition of "insider" is expanding beyond "employee" — insiders include contractors, temporary workers, vendors, clients and everyone else with trusted access to company resources. The internal threat is real, and auditors take it seriously. They consider risk regardless of source, so they evaluate controls against internal as well as external threats. To build the proper internal controls to meet these auditors' requirements, you must consider the nature of insider threats, the regulatory hot buttons that auditors look for, and strategies to minimize risk and protect your assets. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Thu Dec 16 2010 - 23:16:55 PST
This archive was generated by hypermail 2.2.0 : Fri Dec 17 2010 - 07:31:09 PST