16 Oct 2008
I would never make disparaging comments about my wife, especially since she is smarter than me and has a lot more letters after her name, but she is driving me crazy with the weather.
Ever since she discovered weather forecast web sites, she browses about 10 and tells me what they predict.
And then usually, when they predicted sun and it is pouring with rain, she asks me what it means when there is a 70 per cent chance of something happening.
So here is a statistic that I guarantee will not be disputed. Right now there is a 100 per cent chance that some organisation is the victim of either malicious activity or stupidity by a member of its own IT staff.
Just look at the news. Over the past few months we have had instances in San Francisco, San Diego and Liechtenstein of IT staff abusing their privileges.
In these and many other cases the problem is a lack of control and proper process within the organisation. IT research organisation the Burton Group says that unauthorised users can use privileged accounts to bypass internal controls, access confidential information and destroy audit data to cover their tracks.
In San Diego, one IT specialist deleted patient and allied data on purpose from his former employer’s computer systems. In San Francisco a network administrator for the Department of Technology tampered with the network that contains the city’s sensitive data, and created an administrative password that gave him exclusive access.
The challenge is to ensure proper use of these accounts. Gartner has noted that shared superuser accounts, which are generally system-defined in operating systems, databases and network devices, pose significant risks when the passwords are routinely shared by multiple users.
So too do shared firecall accounts, which are used to deal with critical problems outside normal working hours.
Forrester advocates managing shared account passwords in an accountable way and states in a recent report that old-fashioned ways of managing them, such as spreadsheets, sealed envelopes, printouts and sticky notes, are just not secure enough.
Internal IT practices are also increasingly coming under the scrutiny of auditors. Whatever sector you find yourself in, it is likely you will have to submit to a compliance and regulatory audit.
Sooner rather than later yet another organisation will make the headlines because they did not take the necessary precautions to protect themselves. It is always raining somewhere.