User tricks, security 'treats'
Because sometimes dealing with folks at the office is a dark art
Computerworld - Thirteen malevolent spirits may haunt the halls and cubicles of your company, and if you're going to scare them into security compliance, you may need to get a little bit spooky yourself. Have a few treats up your sleeve to return for these goblins' sinister tricks.
The Privileged Executive
The privileged executive feels responsible for every aspect of the organization, and compelled to control it. She wants to know everything about every department and project, and demands root access to systems and applications along with sufficient rights to act on others’ behalf -- including sending e-mail using other employees’ accounts. Naturally, she objects to the logging of her own activities while demanding stringent audit of everyone else.
Forward articles on prosecution of executives for insider trading, misusing data, and Sarbanes-Oxley Act violations, particularly ones that detail how malfeasance got pinned on the corner office because of too much access. Follow up a few days after each prying event by hinting to IT that it ought to look into apparent audit discrepancies, and suggesting to internal auditors they ought to look into IT control logs. Send monthly updates about how you’re working hard to make sure the execs aren’t exposed to excess risk; make plausible deniability your mantra.
When the king of the roost doesn’t have enough operational responsibility, his functional understanding of technology accompanied by an assumption of anonymity can develop into a penchant for mischief, porn and control issues that fall just short of true megalomania. Sooner or later, the idle owner does something really stupid -- storing very personal videos on company servers, downloading bootlegs of competitors’ products, sending threatening e-mails to his ex, or downloading media you’d rather forward to law enforcement.
Strike up a conversation about how it’s great that your ISP logs all network traffic to adjust the quality of service, and alert you to employee misbehavior. Marvel over how the ISP itself is notified by the FBI’s mysterious Carnivore system, and how it seems to be effective at tracking nefarious e-mail and downloads to specific computers even through networks using NAT. Discreetly throttle network bandwidth to accounting or production when he’s on a downloading jag, and suggest that your audit team might have to look into it. If the activities might reflect back on you, quietly move his office to a separate DSL line for his pernicious personal proclivities.
An Angry God
Your systems administrator was running your network before dirt was invented. He’s always had root or administrator accounts for his daily work, and he’s not going to start using sudo now. In fact, he’s insulted that you suggested it, and is withholding access rights from the only other senior administrator. One of the R&D departments claims that a bunch of its data is now inaccessible, and now your guy is asking for a raise.