Compliance Means Getting A Handle On Insider Threats

Compliance Means Getting A Handle On Insider Threats
Compliance Means Getting A Handle On Insider Threats

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Diana Kelley and Ed Moyle
Contributing Writers
Dec 16, 2010 

[Excerpted from "Compliance From The Inside Out," a new report posted 
this week on Dark Reading's Insider Threat Tech Center.]

When you talk about security and compliance, you typically think about 
protecting the organization from external attackers who want to steal 
sensitive corporate information. But in many cases, the reason companies 
fare poorly with audits has nothing to do with those bad guys but, 
rather, with internal threats.

Small wonder. These are, after all, people we trust (there=E2=80=99s a reason 
Dante put traitors at the lowest depths of hell). But the facts tell us 
we are at high risk from internal attack. Studies conducted jointly by 
CERT and the U.S. Secret Service show about half the companies 
responding have experienced at least one insider incident, and about a 
third of all electronic crimes were committed by insiders.

What=E2=80=99s more, the definition of "insider" is expanding beyond "employee" 
=E2=80=94 insiders include contractors, temporary workers, vendors, clients and 
everyone else with trusted access to company resources. The internal 
threat is real, and auditors take it seriously. They consider risk 
regardless of source, so they evaluate controls against internal as well 
as external threats.

To build the proper internal controls to meet these auditors' 
requirements, you must consider the nature of insider threats, the 
regulatory hot buttons that auditors look for, and strategies to 
minimize risk and protect your assets.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure. 

Site design & layout copyright © 1986-2014 CodeGods