InformationWeek’s offering for the “information security community” has recently published a commentary by Mike Tierney identifying “The Insiders: A Rogues Gallery”, intended to help organizations spot and prevent potential threats to their data integrity.
Tierney identifies three categories into which potential security threats fall:
- external attackers posing as insiders, e.g. via account takeover;
- malicious insiders; and
- non-malicious insiders.
He also describes six main “archetypes” of insider threat, by behaviour and motivation, and indicates which general measures can be taken to counter the threat each of them poses.
In my view these measures boil down to a combination of organizational and technical means, all of which our offering can cover or support:
1. Organizational means:
- clarify each user's data access rights (and their boundaries) and enforce them; enforcement requires that infringements can be identified, which in turn requires data access transparency, the core functionality provided by UI Logging
- foster a shared interest in security, i.e. an appropriate security culture (the “human firewall”). Feedback from some of our customers suggests that this shared interest is strongly boosted merely by users being aware that tools are in place to protect data.
2. Technical means:
- monitor and review user activity in order to detect anomalies; UI Logging provides both the means to record what users did and the means to analyse the log meaningfully. Note that the log only helps if someone actually reviews it, and since privileged insiders (administrators included) are among the users it records, the log store itself must be protected against tampering and reviewed by someone other than those whose actions it captures.
- restrict access wherever possible, e.g. with database encryption, or at the UI level to protect against threats from business users (the latter is exactly what UI Masking provides: it builds on your existing access/authorization setup and refines it down to the individual transaction)
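To make the two technical means concrete, here is an added illustration of what "meaningful analysis of the log" and "restricting access in the UI" can look like in code. This is example code written for this post, not code from UI Logging, UI Masking or any SAP product; the log record format, the transaction names (CUST_DISPLAY, CUST_EXPORT), the sample events, the role names and the masking policy are all constructed for the example. The first part flags a user whose daily data-access volume jumps far above that user's own baseline (a typical signature of an insider collecting data before leaving); the second part masks sensitive fields of a record depending on the role of the user viewing it, denying by default for unknown roles.

```python
"""Constructed example: volume-anomaly detection over UI data-access log
records, plus role-based field masking. Not product code."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class AccessEvent:
    """One UI data-access log record (constructed format, not UI Logging's)."""
    user: str
    day: int           # day index instead of a full timestamp, for brevity
    transaction: str   # hypothetical transaction codes
    records: int       # number of business records displayed or exported


# Constructed sample log. Both users have a steady daily baseline of customer
# look-ups; on day 5 "bob" pulls an order of magnitude more records than usual
# and uses an export transaction he never used before.
SAMPLE_LOG = [
    AccessEvent("alice", 1, "CUST_DISPLAY", 40),
    AccessEvent("alice", 2, "CUST_DISPLAY", 45),
    AccessEvent("alice", 3, "CUST_DISPLAY", 38),
    AccessEvent("alice", 4, "CUST_DISPLAY", 42),
    AccessEvent("alice", 5, "CUST_DISPLAY", 41),
    AccessEvent("bob", 1, "CUST_DISPLAY", 30),
    AccessEvent("bob", 2, "CUST_DISPLAY", 35),
    AccessEvent("bob", 3, "CUST_DISPLAY", 32),
    AccessEvent("bob", 4, "CUST_DISPLAY", 33),
    AccessEvent("bob", 5, "CUST_DISPLAY", 250),
    AccessEvent("bob", 5, "CUST_EXPORT", 350),
]


def daily_record_counts(log):
    """Aggregate records accessed per user and day: {user: {day: total}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for ev in log:
        counts[ev.user][ev.day] += ev.records
    return counts


def flag_volume_anomalies(log, factor=5.0, min_history=3):
    """Return (user, day, total, baseline) for every day on which a user's
    access volume exceeds `factor` times the median of that user's other
    observed days. The baseline is per user, so a power user with a high but
    steady volume is not flagged. Users with fewer than `min_history` other
    days are skipped: there is no baseline to compare against yet."""
    findings = []
    for user, per_day in daily_record_counts(log).items():
        for day, total in sorted(per_day.items()):
            history = [v for d, v in per_day.items() if d != day]
            if len(history) < min_history:
                continue
            baseline = median(history)
            if total > factor * baseline:
                findings.append((user, day, total, baseline))
    return findings


# Role -> fields that must be masked in the UI for that role (hypothetical
# policy; in practice this would be derived from the authorization setup).
MASKING_POLICY = {
    "clerk": {"iban", "tax_id"},
    "auditor": {"tax_id"},
    "data_protection_officer": set(),
}


def mask_value(value):
    """Show only the last four characters so the record stays recognisable
    to the user without exposing the full value."""
    text = str(value)
    if len(text) <= 4:
        return "****"
    return "*" * (len(text) - 4) + text[-4:]


def mask_record(record, role, policy=MASKING_POLICY):
    """Return a copy of `record` with the fields the role may not see masked.
    A role absent from the policy gets every field masked (deny by default)."""
    hidden = policy.get(role)
    if hidden is None:
        hidden = set(record)
    return {k: (mask_value(v) if k in hidden else v) for k, v in record.items()}


if __name__ == "__main__":
    for user, day, total, baseline in flag_volume_anomalies(SAMPLE_LOG):
        print(f"{user}: day {day} accessed {total} records, baseline {baseline}")
    customer = {"customer_id": "C1001", "iban": "DE89370400440532013000",
                "tax_id": "12345678"}
    print(mask_record(customer, "clerk"))
```

The detector compares each user against that user's own history rather than against a global threshold, which is what keeps the false-positive rate manageable when job roles differ widely in normal access volume. The masking function applies the policy per field at display time, on top of (not instead of) the authorization check that decides whether the user may open the record at all.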
Let me know what you think!