EMPLOYEE HACKING: THE NEW INSIDE JOB
Joseph Kummer, Terri Berry, Brad White
Summary
1. Specific instances of employee hacking and the consequences which resulted therefrom.
2. How employees use their positions within an organization to obtain sensitive information, with a brief discussion of their various motivations for doing so.
3. Various methods and techniques for preventing employee hacking, and potential modifications to accounting laws and regulations relating to internal controls and IT security that would assist in ensuring that businesses allocate sufficient resources for the protection of sensitive information from their own employees.
Specific Incidents
1. Gucci America Inc.
2. U.S. State Department
3. Education Logistics
4. Akimbo Systems (f/k/a Blue Falcon Networks),
The How and Why
Extensive knowledge of the system and the company
Possess necessary access credentials
Understand the security systems in place and related control mechanisms and know how to avoid controls and detection
TRUST!!!
Intentionally cause damage to the company
Recklessly cause damage to the company
Personal financial gain
Sale of trade secrets
Sale of financial or other insider information
Sale of authorization/access codes and/or knowledge of the system
Prevention
Promote information security as an organizational goal
Obtain top level support for making information security a priority
Implement proper access and authorization controls
Change access and authorization controls on a regularly scheduled basis
Monitor employee access records
Deprovision user access as appropriate
Federal and state governments protect 3rd parties
Require implementation of security and confidentiality procedures and technology
Require strict access control policies, including deprovisioning policies
Require monitoring of employee access
Require reporting of unauthorized disclosures, access and/or breach