belliott
Joined: 29 Aug 2004
Posts: 25
|
| Posted: Mon Apr 18, 2005 10:36 pm Post subject: Protecting data against insider |
|
|
Article title: Protecting data against insider
AKS-Labs wrote: Insiders often possess information of substantial value as they may obtain access to their employer’s information systems and find a way around existing security measures through legitimate means. Insider activity might involve such incidents as compromising, manipulating, exceeding authorized access to, tampering with and even disabling company’s information resources, workstation, or network.
Typically, a wide range of individuals and groups has access to the corporate network: from employees at all levels of authority to suppliers to customers to vendors. User access policies should consider what people in which department can be granted access to particular information resources. For instance, employees in the finance department must be given access to accounting information, while employees in the technical department are not supposed to access this type of data. However, assigning access to specific resources is not sufficient.
Security breaches associated with insider activity may cause considerable damage to a corporation, ranging from illegal distribution of the company’s intellectual property to the loss of customer data and business disruption. The reputation damage is also a significant risk. That’s why major companies try to avoid public announcements on insider abuse as these publications might have a negative effect on brand integrity or the whole industry reputation.
The files containing sensitive information should be stored in a specific location. It should be immediately detected if the data was transferred across the corporate network or to an external device. To reduce insider theft risks, it is essential to monitor and audit user activity across the entire network on a regular basis.
Read article: Protecting data against insider
|
|
