Research reports and anecdotal evidence repeatedly show that major vulnerabilities -- perhaps the largest risks -- come from insider threats. That is, trusted people betraying their positions and trust.

But what's the answer? Watchers watching watchers watching each other? Decades ago, as a system programmer responsible for site security, I was open with management about my having the keys to the kingdom because there were no checks or even full reporting on my actions. Now, prudent or mandated "separation of duties" discipline wouldn't grant such unrestricted freedom. But beyond that concept, what's done in small/medium-size/large installations to balance risk mitigation against staff productivity? What tools and practices are used?

Of course, sometimes common sense dictates what to do. At that installation where I worked, a second-shift operator was fired for cause, given two weeks' notice, and allowed to work through it. I objected -- especially since he worked alone -- but was overruled. As best we could tell, nothing bad happened. But it seemed a foolish risk with potentially awful -- and perhaps hard to detect until much later -- consequences.

So please also mention bad practices, missed opportunities, risks not usually addressed.

As usual, extra credit for copying replies to me directly so they're not buried in list digests.

As usual, thanks...

--
Gabriel Goldberg, Computers and Publishing, Inc.
[email protected]
3401 Silver Maple Place, Falls Church, VA 22042
(703) 204-0433
LinkedIn: http://www.linkedin.com/in/gabegold
Twitter: GabeG0

