The Insider threat – Start thinking about sorting. (pt.2)

We will start this next part of my Insider Threat back-to-basics primer right where we finished last week’s instalment. I’m working outside a very nice café in Brighton, with a Sicilian cake and a latte (sorry, I had already eaten the cake before I took this photo).

Why? What has that got to do with the insider threat?

I left you last week with the idea that before you can have trust in your team, you need to understand and then sort your information and systems. Above you can see I was working in a public place, but on what? If you read last week’s article, you will know I was writing that article. But when Diana – our CEO – went to proof the article, she saw the photo and asked the questions: “What was on the screen?”, “Could anyone else read the screen?”, “Can anyone read the text in the photo, if it is sensitive?”. You get it – she had concerns…

That is because we have an information policy that categorises our information, and access to that information is controlled. Everyone in the organisation is accountable to this policy – even Diana and myself.

To reassure her and you: it was the blog article she was proofing, I had sat where no one could overlook my work or snatch the phone, and I had resized the image to blur the text.

How and why do we sort our information for the insider threat?

Here is an example of some information sorting categories:

  • Internal
  • External
  • Confidential
  • Support
  • Directors
  • Smart Thinking

Staff are given access to only the information they need to do their job. If someone goes rogue or makes a mistake, then the insider leak is at least limited. I have written about this here:

The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer

But it is not zero. That is what we are going to discuss next week.


Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

The Insider threat – Not just a question of trust. (pt.1) – CyberAwake

Photo credit Clive Catton (www.clivecatton.co.uk)