An ironic example of the insider threat is the case of Jessica Harper, 50, a former Lloyds Bank worker who, while working as head of fraud and security for digital banking, carried out a fraud worth more than £2.4m. She has been convicted and will be sentenced on the 21st Sept 2012.
The insider threat is a disgruntled insider with knowledge of the victim's system. See also: abuse of privilege, insider attack, internal vulnerability, insider.
The insider threat can be combated through the use of controls.
Technical controls focus on data and computer activities, while nontechnical controls focus on human motivations and behaviour. Nontechnical controls are critical because many insider attacks do not depend on technology.
Nontechnical controls
Job rotation
Segregation of duties
Mandatory vacations
Regular audits/reviews
Periodic employee background checks
Technical solutions
Data loss protection (DLP) systems
Fraud detection tools
Security information and event management (SIEM) solutions