Monday, May 25, 2009

5 simple steps to minimize insider threats

Insiders who are trusted can abuse that trust. I recently listened to an interview with one of my favorite security experts, Bruce Schneier, on this subject. Every organization can and should take the following 5 steps to mitigate insider threats.

1. Have only a few trusted people.
By limiting the number of trusted people, you limit the possible threats.

2. Ensure that the trusted people are trustworthy.
For example, run background checks, limit trusted roles to citizens, bond employees, etc.

3. Limit (compartmentalize) the trust each person has.
For example, give an employee the key to her own cubicle only, not to other cubicles; give out user passwords only, not the root password.

4. Give overlapping spheres of trust: require two or more people to complete a task (usually one that is very sensitive and can have profound consequences).
For example, co-signers and secret sharing schemes. If you are a Knight Rider fan, you must have seen that activating the self-destruct mode on KITT requires two people's fingerprints.

5. Detect breach of trust and prosecute. Auditing is used for this purpose. Having an audit system in place may deter people from breaching trust, and it provides evidence if a breach occurs. Whatever system is in place should be tamper resistant and provide sufficient detail about user actions and behavior.

As you might have noticed, these 5 steps are nothing new, but you'll be amazed at how many organizations don't get these basics right.