Human factors in information security: The insider threat – Who can you trust these days?

Carl Colwill
Journal: Information Security Technical Report, Volume 14, Issue 4, Pages 186-196
Published: 2009-11-01 (Journal Article)
DOI: 10.1016/j.istr.2010.04.004
Publisher page: https://www.sciencedirect.com/science/article/pii/S1363412710000051
Citations: 321

Abstract

This paper examines some of the key issues relating to insider threats to information security and the nature of loyalty and betrayal in the context of organisational, cultural factors and changing economic and social factors. It is recognised that insiders pose security risks due to their legitimate access to facilities and information, knowledge of the organisation and the location of valuable assets. Insiders will know how to achieve the greatest impact whilst leaving little evidence. However, organisations may not have employed effective risk management regimes to deal with the speed and scale of change, for example the rise of outsourcing. Outsourcing can lead to the fragmentation of protection barriers and controls and increase the number of people treated as full time employees. Regional and cultural differences will manifest themselves in differing security threat and risk profiles. At the same time, the recession is causing significant individual (and organisational) uncertainty and may prompt an increase in abnormal behaviour in long-term employees and managers – those traditionally most trusted – including members of the security community. In this environment, how can organisations know who to trust and how to maintain this trust?

The paper describes a practitioner’s view of the issue and the approaches used by BT to assess and address insider threats and risks. Proactive measures need to be taken to mitigate against insider attacks rather than reactive measures after the event. A key priority is to include a focus on insiders within security risk assessments and compliance regimes. The application of technology alone will not provide solutions. Security controls need to be workable in a variety of environments and designed, implemented and maintained with people’s behaviour in mind. Solutions need to be agile and build and maintain trust and secure relationships over time. This requires a focus on human factors, education and awareness and greater attention on the security ‘aftercare’ of employees and third parties.
