November 27, 2008

Insider vs Outsider "The tribal instinct is very strong; if you are a member of my tribe, you can be trusted. If not, you should be viewed with suspicion." Thoughts?
posted by Blacksheep 15 years ago
  • Reminds me of the Terry Childs case. However, short of placing nuclear-weapon-level security on every corporate system, I don't see any way to avoid "insider threat". A company can reduce the threat by treating its workers fairly, but there'll always be the possibility that someone will go loopy. Trust is more efficient than suspicion, but the efficiency gain needs to be offset by the potential cost of someone wreaking havoc on the network.
  • I remember back when I worked in retail, all the security department's focus was on internal theft. We could see customers walking out with stuff, but weren't allowed to say anything for fear of lawsuits. But all we heard, day in and day out, is that employee theft was rampant and ruining the business. I never saw a single instance of it myself.
  • Yup, when I worked retail, being screwed over on hours, break times, having to ask like a little kid to go potty--not just having to have a cover for the register, but 'please, may I go'--just generally treated like snot--that made ME have a great attitude toward the company. Then add the constant yelping about how the employees are a buncha thieves, and we're going to catch all of you at it eventually... *shudders*
  • I think the "insider threat" is a human resources issue, not an IT issue. I mean, most positions that involve giving someone a computer (or anything really) capable of doing VERY BAD THINGS don't go to "untrustworthy" types, felons for example. Newbies don't typically get full access either. There's that training period with the whole getting to know everyone thing, and trust is built. That's when they become a threat. And if you look at the examples of insider attacks, it's mostly sabotage where someone uses this trust against the company. Happy employees don't do this, and seriously unhappy employees will find a way to get back even if they don't have a computer.
  • None of you are in my tribe. It's just me.
  • Where's the insider threat kid these days?
  • MonkeyFilter: Happy employees don't do this, and seriously unhappy employees will find a way to get back even if they don't have a computer.
  • I don't need no fuckin' tribe, bitches!