Saturday, July 26, 2008

Insider Threats, Rogue Admins and San Francisco

There's been a lot of press about the recent arrest of a sys admin from the City of San Francisco who locked up the network and initially refused to release the passwords.

But the core issue, as others have also said, is the question of insider threats. Though we don't have all the details, it seems too much access was given to one person, and that access was unchecked and unsupervised. There were violations of the Principle of Least Privilege, inadequate separation of duties, inadequate change control procedures and no backup admin to take over.

The issue boiled down to inadequate access controls. Computerworld and eWeek offered some tips. M. E. Kabay, in his Security Strategies Alert newsletter on Network World, cited a survey from Cyber-Ark, a vendor specializing in privileged access management tools.

