-
Essay / Insider Threats to Network Security - 1496
Insider Threats to Network SecurityThe topic of network security is a recurring theme in today's business world. An almost unfathomable amount of data is generated, transmitted and stored every day. Unfortunately, traditional media and news sources these days generally focus only on external threats like hackers. Many people completely overlook the insider threats that are present and can potentially pose an even greater threat than any outside source. One of the constantly repeated acronyms in the security industry is the principle of CIA or Confidentiality, Integrity and Availability. Authorized users, whether by accident or through malicious acts, are in a unique position to threaten all three aspects of the CIA. Authorized users, by their very nature, are allowed to access company data to varying degrees. If access rights are not set correctly, there is a huge risk that data will be compromised, corrupted or destroyed. Employee access does not stop at electronic access to data, but many employees will have significant physical access to network hardware and devices. The risk of damage or theft by employees is a risk that should not be neglected. If that's not enough, you have to worry about not only data theft and corruption, but also what the user chooses to store. Your business can get into trouble simply by storing copyrighted or pornographic material. Users are also known to leave written passwords near their devices. Some users go even further and keep a rotating list of all the passwords they use. Passwords also present another weak link in that they can be shared between users, or handed out in the middle of a sheet of paper......whether voluntary or involuntary, a procedure must be in place and executed every time to ensure that network credentials are revoked and that the user does not have the option to delete or destroy information at the last minute. In the case of involuntary termination, the employee should not receive any warning before the event occurs so that he or she does not have time to perform malicious actions before being terminated. For effective internal network security, a policy and procedure must be in place, and it must be enforced from the top down. It is also a good idea to periodically review these policies and procedures to ensure that they still meet the necessary requirements required by the company. If IT can work collaboratively with the rest of the business, we can help learn from this accidental and malicious threat of authorized internal users..