I find this to be one of the hardest to mitigate threats in information security. Frequently, fighting insider threats prevents people from doing work. Another problem is that too much restrictions and surveillance leads to distrust between employer and employee. So what's the right balance? What worked for you? In my opinion, the following idea usually work:
An even worse problem I don't even dare to cover: Insiders who get blackmailed. Again, if they trust you maybe they will come forward first. But that's a lot of trust. So any good ideas you have to implement insider protections like that? Trust me... I will publish them. After all, I am an insider here ;-) (Thanks to Bill for pointing this out). --------
I will be teaching next: Defending Web Applications Security Essentials - SANS Cyber Security West: March 2021 |
Johannes 4068 Posts ISC Handler Oct 29th 2007 |
Thread locked Subscribe |
Oct 29th 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!