BCS ITNow 201606 - Insider Threats

Insider threats can come from a variety of areas, from under-trained and over-stretched users making innocent mistakes, through lax software development and deployment approaches, to malicious users with the necessary access and motivation to deliberately harm your business, says Gareth Niblett, Chair, BCS Information Security Specialist Group.

Although a lot can be said for human firewalls, end users ultimately act as a mitigating control for organisational IT and process failures. It seems egregious that someone can be penalised for clicking on a link which turns out to be malicious, when they should not have seen it - or been able to trigger the issue - in the first place.

We need more focus on productive security, which addresses the downsides of ‘friction’, complexity, and information overload in security policies and enforcement. Poorly crafted and implemented rules get in the way of business productivity. Users will try to get their job done; our job should be to help them.

Another area where we can improve things is trying to minimise vulnerabilities throughout our software development life cycles. Development methodologies, even agile ones, need a robust approach for continual testing from alpha through live. Secure by design needs proper focus during design, coding and testing.

We all outsource and offshore aspects of our business or support services, from overseas call centres and software development through to running critical functions on cloud platforms. Supply chain assurance is required to ensure that, in doing so, new risks are adequately understood and managed. In the same way as business network boundaries have eroded, the scope of what is an insider threat now extends beyond staff, as must our approach.

FURTHER INFORMATION

Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity

doi:10.1093/itnow/bww039 © 2016 The British Computer Society. Image: Thinkstock
ITNOW, June 2016, p. 23
