Skip to main content

Posts

Showing posts from July, 2010

The Threat of the Insider

Most organizations and indeed security vendors have traditionally focused on the outsider threat when it comes to company security.  By this I'm referring to external hacker threats or threats from the internet and public untrusted networks.  These areas are generally out of the control of the organizational, unable to be manipulated by internal security controls and procedures.  Historically therefor the emphasis was placed on protecting the internal corporate network and resources from users, hackers and services that originated from outside the control of the organization.

Firewalls, Intrusion Detection Systems, Intrusion Prevention Systems and SQL Injection Attacks are amongst the commonly used vocabulary when referring to security from a best practice, education and vendor perspective.



However in recent years the concept of the insider threat has increased.  By this I refer to a systems attack generally originating from someone from within the organization.  Attack in this se…