BCS ITNow 201606 - Insider Threats
Although a lot can be said for human
firewalls, end users ultimately act as a
mitigating control for organisational IT and
process failures. It seems egregious that
someone can be penalised for clicking
on a link which turns out to be malicious,
when they should not have seen it - or
been able to trigger the issue - in the
first place.
We need more focus on productive
security, which addresses the
downsides of ‘friction’, complexity, and
information overload in security policies
and enforcement. Poorly crafted and
implemented rules get in the way of
business productivity. Users will try to
get their job done; our job should be to
help them.
Another area where we can improve
things is trying to minimise vulnerabilities
throughout our software development
life cycles. Development methodologies,
even agile ones, need a robust approach
for continual testing from alpha through
live. Secure by design needs proper focus
during design, coding and testing.
We all outsource and offshore aspects
of our business or support services,
from overseas call centres and software
development through to running critical
functions on cloud platforms.
Supply chain assurance is required to
ensure that, in doing so, new risks are
adequately understood and managed.
In the same way as business network
boundaries have eroded, the scope of what
is an insider threat now extends beyond
staff, as must our approach.
Insider threats can come from a variety of areas, from under-trained
and over-stretched users making innocent mistakes, through
lax software development and deployment approaches, to malicious
users with the necessary access and motivation to deliberately harm
your business, says Gareth Niblett, Chair, BCS Information Security
Specialist Group.
FURTHER INFORMATION
Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity
doi:10.1093/itnow/bww039 © 2016 The British Computer Society. Image: Thinkstock
INSIDER THREATS
June 2016 ITNOW 23