Page 1370 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

One of the authors of this book recently wrapped up a consulting engagement with a medium-sized subsidiary of a large, well-known corporation. The company had suffered a serious security breach, involving the theft of thousands of dollars and the deliberate destruction of sensitive corporate information. The IT leaders within the organization needed someone to work with them to diagnose the cause of the event and protect themselves against similar events in the future.

After only a very small amount of digging, it became apparent that they were dealing with an insider attack. The intruder’s actions demonstrated knowledge of the company’s IT infrastructure as well as an understanding of which data was most important to the company’s ongoing operations.

Additional investigation revealed that the culprit was a former employee who ended his employment with the firm on less-than-favorable terms. He left the building with a chip on his shoulder and an ax to grind. Unfortunately, he was a system administrator with a wide range of access to corporate systems, and the company had an immature deprovisioning process that failed to remove all of his access upon his termination. He simply found several accounts that remained active and used them to access the corporate network through a VPN.

The moral of this story? Don’t underestimate the insider threat. Take the time to evaluate your controls to mitigate the risk that malicious current and former employees pose to your organization.



Your security policy should address the potential of attacks by disgruntled employees. For example, as soon as an employee is terminated, all system access for that employee should be terminated. This action reduces the likelihood of a grudge attack and removes unused access accounts that could be used in future attacks.
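
The following Python code is an added example, not part of the original book. It reconciles HR termination records against an account directory export and a VPN authentication log to surface accounts left enabled after termination, the gap exploited in the scenario above. All employee IDs, account names, field layouts and log lines are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not from the book): HR terminations, a directory
# export mapping each account to its owning employee, and VPN auth events.
TERMINATIONS = {"e1042": datetime(2024, 3, 1, 17, 0)}  # employee id -> termination time
ACCOUNTS = [
    {"account": "jdoe",       "owner": "e1042", "enabled": False},
    {"account": "jdoe-admin", "owner": "e1042", "enabled": True},
    {"account": "svc-backup", "owner": "e1042", "enabled": True},
    {"account": "asmith",     "owner": "e2077", "enabled": True},
]
VPN_LOG = [
    "2024-02-27T08:55:10 vpn auth=success user=jdoe src=198.51.100.7",
    "2024-03-04T23:12:41 vpn auth=success user=svc-backup src=203.0.113.50",
    "2024-03-05T09:01:02 vpn auth=success user=asmith src=198.51.100.9",
    "2024-03-06T01:30:00 vpn auth=failure user=jdoe src=203.0.113.50",
]

def parse_vpn_line(line):
    """Split a constructed 'timestamp vpn key=value ...' line into a dict."""
    stamp, _, rest = line.split(" ", 2)
    event = dict(field.split("=", 1) for field in rest.split())
    event["time"] = datetime.fromisoformat(stamp)
    return event

def audit(terminations, accounts, vpn_log):
    """Return (orphaned, suspicious_logins) for terminated employees."""
    owner_of = {a["account"]: a["owner"] for a in accounts}
    # Accounts still enabled although their owner has been terminated.
    # Secondary admin and service accounts are the ones a manual
    # deprovisioning checklist tends to miss.
    orphaned = sorted(a["account"] for a in accounts
                      if a["enabled"] and a["owner"] in terminations)
    # Any VPN authentication attempt, successful or not, after termination.
    suspicious = []
    for event in map(parse_vpn_line, vpn_log):
        owner = owner_of.get(event["user"])
        if owner in terminations and event["time"] > terminations[owner]:
            suspicious.append((event["user"], event["auth"], event["src"]))
    return orphaned, suspicious

if __name__ == "__main__":
    orphaned, suspicious = audit(TERMINATIONS, ACCOUNTS, VPN_LOG)
    print("still enabled:", orphaned)
    print("post-termination VPN activity:", suspicious)
```

Failed attempts against an already disabled account are reported alongside successes, since they show a former employee probing for access that remains.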

Although most grudge attackers are just disgruntled people with limited hacking and cracking abilities, some possess the skills to cause substantial damage. An unhappy cracker can be a handful for security professionals. Take extreme care when a person with known cracking