May 19, 2005
On Firing Your Staff Geek
If you are going to fire one of your systems staffers, what do you do? You make sure you cut off his e-mail and network access and change all crucial passwords at the same time you are ambushing him with an exit interview, immediately followed by someone escorting him out of the building. No-brainer.
The US Secret Service and Carnegie Mellon University released a new "insider threat" survey.
Among the key findings of the ITS study of insider sabotage across critical infrastructure sectors are the following:
• A negative work-related event triggered most insiders’ actions.
• Most of the insiders had acted out in a concerning manner in the workplace.
• The majority of insiders planned their activities in advance.
• When hired, the majority of insiders were granted system administrator or privileged access, but less than half of all of the insiders had authorized access at the time of the incident.
• Insiders used unsophisticated methods for exploiting systemic vulnerabilities in applications, processes, and/or procedures, but relatively sophisticated attack tools were also employed.
• The majority of insiders compromised computer accounts, created unauthorized backdoor accounts, or used shared accounts in their attacks.
• Remote access was used to carry out the majority of the attacks.
• The majority of the insider attacks were only detected once there was a noticeable irregularity in the information system or a system became unavailable.
• Insider activities caused organizations financial losses, negative impacts to their business operations and damage to their reputations.
To repeat, if you are going to fire one of your systems staffers, you make sure you cut off his e-mail and network access, and change all ...
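An added example, not part of the original post or the study: a short Python audit that applies the checklist above to an account inventory and flags the cases the study calls out (still-enabled personal accounts, shared accounts, accounts the departing admin created, remote access). The inventory, field names and account names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample inventory (not from the study): one record per account.
ACCOUNTS = [
    {"name": "jdoe", "users": ["jdoe"], "created_by": "hr-provisioning",
     "enabled": True, "remote_access": True, "password_changed": "2005-03-01"},
    {"name": "root-db01", "users": ["jdoe", "asmith"], "created_by": "hr-provisioning",
     "enabled": True, "remote_access": False, "password_changed": "2005-01-10"},
    {"name": "svc_backup2", "users": [], "created_by": "jdoe",
     "enabled": True, "remote_access": True, "password_changed": "2005-05-02"},
    {"name": "asmith", "users": ["asmith"], "created_by": "hr-provisioning",
     "enabled": True, "remote_access": True, "password_changed": "2005-04-20"},
    {"name": "root-web01", "users": ["jdoe", "asmith"], "created_by": "hr-provisioning",
     "enabled": True, "remote_access": False, "password_changed": "2005-05-19"},
]

def offboarding_findings(accounts, departed, terminated_on):
    """Return (account, reason) pairs that must be closed out for `departed`."""
    cutoff = datetime.strptime(terminated_on, "%Y-%m-%d")
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to revoke
        changed = datetime.strptime(acct["password_changed"], "%Y-%m-%d")
        reasons = []
        if acct["users"] == [departed]:
            reasons.append("personal account still enabled")
        elif departed in acct["users"] and changed < cutoff:
            # Shared credential the departed person knows and nobody has rotated.
            reasons.append("shared password not rotated since termination")
        if acct["created_by"] == departed and departed not in acct["users"]:
            reasons.append("created by departed admin, review as possible backdoor")
        if reasons and acct["remote_access"]:
            reasons.append("remote access enabled")
        findings.extend((acct["name"], r) for r in reasons)
    return findings

if __name__ == "__main__":
    for name, reason in offboarding_findings(ACCOUNTS, "jdoe", "2005-05-19"):
        print(f"{name}: {reason}")
```

A shared account whose password was changed on the termination date itself (root-web01 in the sample) is treated as rotated and produces no finding.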