June 2009
S M T W T F S
« May   Jul »
 123456
78910111213
14151617181920
21222324252627
282930  
Categories
Latest Postings
Links
Archives
Meta
« National Security Experts: Jackson Death Could Doom Iran | Swine Flu: the latest impediment to one stop security by Philip Baum »

Model Employees May Be The Insider Threat

Several blogs and articles have discussed the increasing reluctance of employees to take vacation time, even if it is mandatory. While reading these articles, I can’t help but notice a lack of discussion about the security implications of this.

Internal investigators will tell you that a employee refusing to take vacation time, or refusing to take a large amount of time at once can be a red flag.

Why?

An employee committing embezzlement, fraud, stealing data or otherwise manipulating books or records needs to have continuous control over those systems to maintain the theft and avoid being caught.

In fact, many aspects of what we consider to be “model” employee behavior can actually be a red flag:

Volunteers often for new projects and duties; particularly in security, finance, or record keeping duties. Often these duties, like processing receipts for reimbursement, are the least desirable duties. After a few volunteer projects, a manager might find that least privilege and separation of duties policies may be being circumvented.
Early in, late out. First in and last out employees have access to files, computers and offices with little or no security or monitoring measures. The employee offering to make coffee in the morning maybe up to something more than making sure the office is perky.
Constantly remaining in touch while on vacation, doing work while on vacation, and working overtime before and after vacation. These may all be attempts at communicating with someone in collusion with the fraud, or at maintaining control over the work product. If your employee insists that he or she completes all work before going on vacation instead of handing over the materials to another employee, this could be cause for concern.

http://www.linkedin.com/news?viewArticle=&articleID=46656434&gid=55857&articleURL=http%3A%2F%2Finformation-security-resources%2Ecom%2F2009%2F06%2F28%2Fsun-tzu-and-the-art-of-cio-success%2F&urlhash=v65W&trk=news_discuss

This entry was posted on June 29, 2009 at 8:33 am and is filed under CIP, HLD. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response or trackback from your own site.

| Print

Leave a Reply

You must be logged in to post a comment.