Posts Tagged ‘insider threat’

Insider Threat Example: San Fran IT Employee Exploits Poor Security Practices

Thursday, July 17th, 2008

Okay, why would a large city like San Francisco make such a silly, preventable mistake like allowing one employee to be able to establish a super user type of account and then lock everyone else out of the government network?
Hacker Holds Key to City’s Network: An Alleged Hacker Won’t Reveal Secret Password to Unlock San Francisco’s Network

(more…)

Insider Threat Example: Coworkers Accessing Other Coworkers’ Email Messages

Tuesday, June 3rd, 2008

Back in the mid-1990s, a middle manager knew that the print queue messages for all the emails in the large organization were viewable in clear text; all you had to know was which printer queue to open. He would lurk in the print queues each day, all day, for all the printers that the other middle managers and executives used, and he would copy all the email messages he found that could be “advantageous” to his career. He amazed a lot of people by always seeming to know what was going on before anyone else did.
I was reminded of this particular mole-manager as I just read a news story, “Philly News Anchor Target in FBI Probe: FBI Investigates Anchor in Suspected Hacking of Fired Co-Anchor’s E-mail”

(more…)

Insider Threat Example: Bank Worker Sentenced To 36 Months In Prison; + Prison Terms For Others In Cahoots

Sunday, May 25th, 2008

I’ve been doing some research for insider threat training content I’m creating, and I ran across a recent judgment against a bank employee for identity theft. This provides some good lessons to organizations about the insider threat, and would make a great case study for any organization to help personnel improve their ability to protect personally identifiable information (PII).
Here’s the news release from the United States Attorney’s Office for the Southern District of Texas

(more…)

Addressing the Insider Threat

Tuesday, May 13th, 2008

My May issue of “IT Compliance in Realtime” is now available!
The first article I have within this issue is, “Addressing the Insider Threat.”
Here is the unformatted text of the article; download the PDF to get the much nicer, prettier, formatted version…

(more…)

Risks & Compliance: Giving Personnel Access to Their Own, And Coworkers’, Records is Generally a Bad Idea

Wednesday, April 2nd, 2008

I get several questions from folks about various information security, privacy and compliance issues. I answer all I can. Most of them are great, thought-provoking questions that help to spawn a nice discussion!
I recently got a very good and interesting question from a healthcare provider that all organizations really need to put some thought into. With this in mind, the following is the de-identified message I received, along with my slightly edited reply…

(more…)

Using PCI DSS-Compliant Log Management to Identify Insider Access Abuse

Tuesday, April 1st, 2008

Today I just finished writing the last of a three paper series, “The Essentials Series: PCI Compliance,” in which I discuss and demonstrate three ways in which meeting the PCI DSS requirements for logging also benefits businesses by putting into place log management practices that:

(more…)

Insider Threat: Ex-Employee Takes Files To New Employer

Tuesday, February 19th, 2008

Here’s a good article for your files, and to share with your legal counsel to point out the very real insider threat to information security and privacy…
A Massachusetts trial court recently ruled that the unauthorized transfer of electronic files is actionable as a conversion under Massachusetts’ common law.

(more…)

U.S. DoD Workers Give Military Secrets To China

Monday, February 11th, 2008

Here are two more insider threat incident examples to put into your files and use within your information security and privacy training curriculum and awareness communications:

(more…)

Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!

Friday, January 25th, 2008

Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.

(more…)