"You need to educate people, and you need to have the right control procedures in place to ensure that people are aware of insider fraud," says Larry Ponemon, offering tips to reduce insider risks.
In an interview about the insider threat, Ponemon discusses:
Key findings from this new research;
What needs to be...
The Paul Allen card breach reiterates a concern financial fraud experts have been screaming about for years: Socially-engineered schemes that compromise employees. So, what can institutions do about them?
Increasingly, social engineers target unwitting insiders to plunder organizations' financial and intellectual assets. How can you prevent these and traditional inside attacks? CMU's Dawn Cappelli offers tips.
The Defense Department will employ a two-prong approach - securing the perimeter as well as the data - as it develops its cloud-computing architecture. "We're going to be able to better protect as we get more standardized," CIO Teresa Takai says.
The failure to implement proper security controls exposes Internal Revenue Services financial and tax-processing systems to potential insider threat, putting taxpayer information at risk, a Government Accountability Office audit says.
NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
The insider threat: It's a top challenge for any organization, and it's a hot topic for RSA Conference attendees. Dawn Cappelli and Randy Trzeciak preview their new book, The CERT Guide to Insider Threats.