CONTACT US

To learn more about TheInfoPro, request customer support or schedule an Inquiry, please complete the information request form below.

close
Get Directions 108 W. 39th Street, 16th Floor
New York, NY 10018

press inquiries:
518-306-4029

customer service:
212-672-0010


TheInfoPro, a division of The 451 Group.

High-risk Staff? Executives and IT Are Equally Risky

Written by Daniel Kennedy, Research Director for Information Security

It has long been a subject of discussion in security departments, and entire vendor business offerings are built around it: How do you control and monitor the activities of high-risk users in your system’s environment? But who are the highest risk users? We asked that very question in our Wave 14 Information Security Study, and while most of the results are as expected, at least one might be a surprise.

When it comes to the personnel types security managers are most concerned about, contractors and temporary staff easily top the list, doubling the percentage of responses over the next-highest answer, remote employees.

An equal percentage of respondents, 11%, believe the highest threat to be IT staff with elevated privileges or executive management personnel’s use of computing resources. While that may seem surprising, the idea that technology employees with the “keys to the kingdom” in terms of passwords and production access are only as risky as senior executives, these are both staff types that typically have the authority to bypass security controls if they elect to. The first can simply abuse the privileges they have been issued to do their jobs; the second has the organizational authority to potentially force a bypass of security controls.

When asked if they were more concerned about internal or external security events, security managers recorded a nearly even split. Twenty-two percent (22%) were most concerned about internal, another 22% were concerned about external threats, and the majority, 55%, said they were equally concerned about internal and external security threats.

Reflecting that split, 39% reported that the majority of their security incidents were internal, and 33% said the majority of incidents originated externally. Eleven percent (11%) reported they had not had a security incident, that they were aware of, in the past 12 months.

Possibly Related Posts:


Tags: , ,
                   
Interested in finding out more about our services?
Subscribe
 RSS Feed
Social Media


 The IT Expert  Zone on  LinkedIn.com


Privacy PolicyPress | Contact Us | CareersCopyright © 2011 The InfoPro. All Rights Reserved.