1

Click here to load reader

BCS ITNow 201606 - Insider Threats

Embed Size (px)

Citation preview

Page 1: BCS ITNow 201606 - Insider Threats

Although a lot can be said for human firewalls, end users ultimately act as a mitigating control for organisational IT and process failures. It seems egregious that someone can be penalised for clicking on a link which turns out to be malicious, when they should not have seen it - or been able to trigger the issue - in the first place.

We need more focus on productive security, which addresses the downsides of ‘friction’, complexity, and

information overload in security policies and enforcement. Poorly crafted and implemented rules get in the way of business productivity. Users will try to get their job done; our job should be to help them.

Another area where we can improve things is trying to minimise vulnerabilities throughout our software development life cycles. Development methodologies, even agile ones, need a robust approach for continual testing from alpha through live. Secure by design needs proper focus during design, coding and testing.

We all outsource and offshore aspects of our business or support services, from overseas call centres and software development through to running critical functions on cloud platforms.

Supply chain assurance is required to

INFORMATION SECURITY

ensure that, in doing so, new risks are adequately understood and managed.

In the same way as business network boundaries have eroded, the scope of what is an insider threat now extends beyond staff, as must our approach.

Insider threats can come from a variety of areas, from under trained and over-stretched users making innocent mistakes, through lax software development and deployment approaches, to malicious users with the necessary access and motivation to deliberately harm your business, says Gareth Niblett, Chair, BCS Information Security Specialist Group.

Information Security Specialist Group (ISSG):www.bcs-issg.org.uk

Information Risk Management and Assurance Specialist Group:www.bcs.org/groups/irma

BCS Security Community of Expertise (SCoE):www.bcs.org/securitycommunity

FURTHER INFORMATION

doi:1

0.10

93/i

tnow

/bw

w03

9 ©

2016

The

Brit

ish

Com

pute

r So

ciet

yIm

age:

Thin

ksto

ck

INSIDERTHREATS

June 2016 ITNOW 23

Uponor om smatrix wave t168 de 1087412 201606

Uponor om smatrix wave t168 de 1087412 201606

Documents
BCS Softech.docx

BCS Softech.docx

Documents
Uponor om smatrix wave t168 de 1087412 201606 sc

Uponor om smatrix wave t168 de 1087412 201606 sc

Documents
BCS Prime Brokerage Ltd (“BCS UK”) Pillar 3 Disclosures

BCS Prime Brokerage Ltd (“BCS UK”) Pillar 3 Disclosures

Documents
Curso Lichos - MOP and (separately) Niche conservatism 201606

Curso Lichos - MOP and (separately) Niche conservatism 201606

Science
Bcs newsletter2013

Bcs newsletter2013

Documents
201606 Tennis Industry magazine

201606 Tennis Industry magazine

Documents
Bcs Jeopardy

Bcs Jeopardy

Sports
SUPERCONDUCTIVIDAD BCS

SUPERCONDUCTIVIDAD BCS

Documents
Revista ITNow Nov 2015

Revista ITNow Nov 2015

Documents
BCS Kardiovaskuler

BCS Kardiovaskuler

Documents
3811_ReducingCostsUsingPersonalizedAutoRepair_ BCS

3811_ReducingCostsUsingPersonalizedAutoRepair_ BCS

Documents
BCS Catalogue

BCS Catalogue

Documents
Biopharmaceutics Classification System (BCS) Biowaiver ... BCS Biowaiver Assessment... · Biopharmaceutics Classification System (BCS) Biowaiver Assessment Report ... Human absorption

Biopharmaceutics Classification System (BCS) Biowaiver ... BCS Biowaiver Assessment... · Biopharmaceutics Classification System (BCS) Biowaiver Assessment Report ... Human absorption

Documents
BCS RANKINGS

BCS RANKINGS

Documents
Niche comparisons 201606 para curso Lichos

Niche comparisons 201606 para curso Lichos

Science
BCS ITNow 201403 - Data Loss Prevention

BCS ITNow 201403 - Data Loss Prevention

Data & Analytics
CLC's Newsletter 201606 [United International College - UIC]

CLC's Newsletter 201606 [United International College - UIC]

Documents
BCS Portfolio

BCS Portfolio

Documents
Stormshield en-breach-fighter-datasheet-201606

Stormshield en-breach-fighter-datasheet-201606

Data & Analytics
BCS Theory

BCS Theory

Documents
Transforming BCS

Transforming BCS

Documents
Loddon Valley Link 201606 - June 2016

Loddon Valley Link 201606 - June 2016

Documents
ITNOW magazine: June 2014 (sample)

ITNOW magazine: June 2014 (sample)

Leadership & Management
16_awards_list_final.doc - mediad.publicbroadcasting.netmediad.publicbroadcasting.net/.../files/201606/16_awar… · Web viewWCAI - “Creative Life: Carmina Burana

16_awards_list_final.doc - mediad.publicbroadcasting.netmediad.publicbroadcasting.net/.../files/201606/16_awar… · Web viewWCAI - “Creative Life: Carmina Burana

Documents
BCS Viewbook

BCS Viewbook

Documents
Perseus Company Overview 201606

Perseus Company Overview 201606

Documents
Wing arc singapore bi leaflet 201606

Wing arc singapore bi leaflet 201606

Software
BUSINESS ANALYSIS TECHNIQUES - BCS - BCS - The Chartered Institute

BUSINESS ANALYSIS TECHNIQUES - BCS - BCS - The Chartered Institute

Documents
BCS Profile

BCS Profile

Documents