The Insider threat – Start thinking about sorting. (pt.2)

by
Is this an issue when it comes to the insider threat

We will start this next part of my Insider Threat back-to-basic primer, right where we finished last week’s instalment. I’m working outside a very nice café in Brighton, with a Sicilian cake and a latte (sorry I had already eaten the cake before I took this photo).

Why? What has that got to do with the insider threat?

I left you last week with the idea that before you can have trust in your team, you need to understand and then sort your information and systems. Above you can see I was working in a public place, but on what? If you read last week’s article you will know I was writing that article. But when Diana – our CEO – went to proof the article, she saw the photo and asked the questions; “What was on the screen?”, “Could anyone else read the screen?”, “Can anyone read the text in the photo, if it is sensitive?”. You get it – she had concerns…

That is because we have an information policy that categorises our information and access to that information is controlled. Everyone in the organisation is accountable to this policy – even Diana and myself.

To reassure her and you, it was the blog article she was proofing, I had sat where no one could overlook my work or snatch the phone, and I had resized the image to blur the text.

How and why do we sort our information for the insider threat?

Here is an example of some information sorting categories:

  • Internal
  • External
  • Confidential
  • Support
  • Directors
  • Smart Thinking

Staff are given access to only the information they need to do their job. If someone goes rogue or makes a mistake then the insider leak is at least limited. I have written about this here:

The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer

But it is not zero. That is what we are going to discuss next week.


Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

The Insider threat – Not just a question of trust. (pt.1) – CyberAwake

Photo credit Clive Catton (www.clivecatton.co.uk)

Contact us for consultation

Wake up to cyber threats..

The Insider threat – Start thinking about sorting. (pt.2) Cyber Awake
HQ Based between Newark and Lincoln

Get in touch

CyberAwake
Unit 2 Kingsley Court
Kingsley Road
Lincoln
LN6 3TA
United Kingdom

01522 508089

useful links

Website Cookies Icon

This website uses cookies to ensure you get the best experience on our website. Click for more information.

accept & Close