IDC/RSA Survey Highlights the Cost of Insider Threats

As it did for many in the industry, this week’s RSA-sponsored IDC report, “Insider Risk Management: A Framework Approach to Internal Security,” caught my eye. The report led with the finding that 52% of the respondents “characterized their incidents arising from insider threats as predominantly accidental.” This in turn triggered a media storm pointing to careless, incompetent or [...]

Goldman Sachs Tries to Catch a Thief

I came to work this morning to read a Bloomberg article, “Goldman May Lose Millions From Ex-Worker’s Code Theft,” about a recent data breach. The details are still coming in, but allegedly a former computer programmer from Goldman Sachs, Sergey Aleynikov, downloaded and stole a copy of proprietary trading software. To me, this is an [...]

All’s Fair in Security?

I read an interesting piece in InfoWorld by Roger Grimes, “A Sweet Solution to the Insider Threat.” The premise of Grimes’ article is that companies should use computer decoys, or “honeypots,” to catch workers attempting to log in to resources they have no business reason for accessing. Honeypots by their very nature are fake computers that [...]

Getting Real about Transparency: What You Can’t See May Bite You

In SailPoint’s second Market Pulse Survey (announced yesterday), we asked Global 2000 companies about how they are managing IT risk given the economic downturn and resulting corporate churn. Not surprisingly, given the recessionary budgets and resource allocations these companies are facing, the survey showed that companies remain very exposed to the risks of insider threats [...]

Steak Dinner for Your Data?

I’ve been at the RSA Conference all week, so I just noticed an intriguing news item from The Register on Monday. The article details survey results from an unnamed security vendor, concluding that one-third of workers are open to bribes for data theft. It’s beyond the scope of this blog to speculate on the statistical [...]

Another Day, Another Breach

Heads up – there’s been another “massive” credit card security breach – the 3rd such incident in recent months. We don’t know which company suffered the breach, but it appears to be another card payment processor. We’re still in the “whisper period” as some call it – Visa and MasterCard have begun notifying banks, and [...]

“Thwarting an Internal Hacker” – Monitor Access, Not Employees

I just read a Wall Street Journal article by Bruce Schneier, the CTO of BT and a renowned security author. The piece, “Thwarting an Internal Hacker,” is timely given recent security breaches hitting the news (including Heartland Payment Systems and Fannie Mae, which he references) coupled with the economy. I’ve already written about how the [...]

Lessons from TJX: Proactive Risk Management Pays

I read today that TJX just held a “Customer Appreciation” sale related to the massive data breach that exposed as many as 100 million customer accounts. According to TJX spokesperson Sherry Lang, TJX offered customers 15% off entire purchases on January 22 “to express our appreciation to customers for their continued support and patronage following [...]