1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: Security by the people

Discussion in 'CSO' started by RSS, Aug 8, 2016.

  1. RSS

    RSS New Member Member

    Sometimes it takes a village. In the case of information security, sometimes it takes an employee. Forward thinking enterprises can go beyond simply providing IT security awareness training and hygiene tips for their users, and enlist them in the threat monitoring process.

    Take for example the financial services firm that decided to provide users of high privilege accounts with weekly ‘Self Audit’ reports in which all of their access and activity is given a risk-score. Upon receiving the report on a Friday, one employee who was out of the office on Wednesday and never logged into their accounts becomes suspicious. The report shows account login and activity on that day. Upon further investigation, the security team discovers that one of the company's high privilege accounts had been compromised for over 3.5 years by an external intruder. Without the unique context provided by the self audit report -- machine learning risk scores combined with user visibility -- the breach may have continued for several more years.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page