Earthshattering: IT admins are security risk
February 7th, 2007 by rivercrow
If you’ve been paying attention to discussions about insider threats, this is old news. For the rest of you–you who aren’t concerned with this kind of thing–this is actually startling news.
A short excerpt from the article (located at Techworld):
Workers who sabotage corporate systems are almost always IT workers suffering from some form of mental derangement, according to recent research.
That is the conclusion of the US military in conjunction with Carnegie Mellon University’s Software Engineering Institute Computer Emergency Response Team (CERT) programme, which together analysed insider cyber-crimes across a variety of critical industry sectors.
The research suggests that potential troublemakers should be easy to spot. Nearly all the cases of cyber-crime investigated were carried out by people who were “disgruntled, paranoid, generally show up late, argue with colleagues, and generally perform poorly”.
I’d like to remind my readers that the organization I’m in is undergoing a guided culture change at the moment.
The PDF of the full study, Management and Education of the Risk of Insider Threat (MERIT): System Dynamics Modeling of Computer System Sabotage, is worth downloading and reading. The annual FBI computer security survey has drawn similar conclusions for the last six years I’ve been reading it.
One Response to “Earthshattering: IT admins are security risk”
Leave a Reply
Is there any documentation on how they intend to fix this problem or are they using solution A1 (fire those most likely to do this before they do it)?
In this day and age of psychology and the level of knowledge we have about how people act and interact you’d have thought there would be more progress towards “a happy workforce is an efficient workforce” kinda theory instead of hire and fire.