[SCADASEC] Trusted Insider
southworthrg at bigpond.com
southworthrg at bigpond.com
Tue Feb 12 18:26:11 CST 2008
Clint,
The trusted insider takes many forms and profiling analasys will only catch the person that is effected by the day to day grind. (VB) and the famous Maroochy case is a classic example.
When a specific incident occurs, providing sufficient motivation to trigger the "improper" activitiy, in a control system context, the trusted insider takes on a different look.
When people are pushed outside of their comfort zone they revert to their basic instincts and that is where you can and will be surprised every time! It can be the gentelest sole without a malicious bone in their body!
I do agree that a a significant improvement in the reduction of these types of incidents can be accomplished by effective identity management processes and proceedures.
I am always surprised at how much attention is placed to external threats when the greatest percentile (80 percent odd) is still the insider threats.
For the record I base my comments on first hand experience as an investigator of over 10 years experience, either directly effected at an enterprise or from a law enforcement investigative perspective.
It is easy to reduce this threat landscape by the way, it is all about effective human resource management and creating a positive and happy work environment.
Ron
More information about the scadasec
mailing list