
SANS ISC InfoSec Handlers Diary Blog



Cyber Security Awareness Month - Day 17 - What a boss should and should not have access to

Published: 2010-10-17
Last Updated: 2010-10-18 02:52:55 UTC
by Stephen Hall (Version: 1)
7 comment(s)

On day 17 of our yearly Cyber Security Awareness Month, we enter into the thorny subject area of your boss. Today, we'll look at what a boss should, or indeed should not, have access to.

Bosses are interesting people. They don't do what you and I do; they do different things, go to different places, mix with different people (most with new shiny technology), and face different day-to-day challenges.

Let's look at those day-to-day challenges, or risks as we call them.

Your boss most likely holds the 'keys to your business'. They will know what your company is going to do next, and they have information that could move your share price, such as the launch date for a new product or a move on a new takeover. All of that information is valuable. So, we all think about the risks to our bosses, but do they think about the risks they face every day? Given that most CxO-level bosses are not the most tech-savvy people in the world, how do we educate them to work in an online world where people want that information and are willing to try to take it?

What do you do when your boss wants to go to a country where crossing a geographical border brings the potential not just for having technology confiscated, but for having it copied while they are in their hotel room? Or for spyware to be loaded onto the laptop they take with them, so that e-mails are read, documents copied, and so on?

When your boss comes to you wanting the latest iShiny technology, how do you show them the risks associated with using it?

Do you have a special executive group on your web proxy which gives these high-value targets broader access than the people in the offices they control? If you do, should you?

If you can pass on some tips on how you can educate CxO-level executives about the risks they face, and how that impacts the services and IT resources they should have access to, I'll add them to the bottom of the diary during today and into next week.

Steve Hall
ISC Handler

 
