Bad sysadmin procedures
From Blindside
What is it
Calum Macleod of Cyber-Ark writes on the BCS security site:
A recent study by the U.S. Secret Service, who must be considered eminently qualified to recognize the symptoms, and Carnegie Mellon University's Software Engineering Institute CERT Program http://www.cert.org/archive/pdf/merit.pdf, analysed insider cybercrimes across critical infrastructure sectors. The study showed that insider sabotage was in virtually 100 per cent of cases carried out by people who are disgruntled, paranoid, generally show up late, argue with colleagues and generally perform poorly. Nothing new there, you might say, but when the study also shows that eighty-six per cent of them held technical positions and ninety per cent had system administrator or privileged system access, then you have to start asking questions. After all we're talking about a social group who relate best with machines! Not a problem you say. Fortunately you managed to offload our psychotic geek to somebody else, so he or she - and trust me the she's are just as bad as the he's - is not your problem anymore. Well here's the good news - only forty-one per cent of those who sabotaged IT systems were employed at the time they did it. And the bad news - yes you guessed it - the majority of the insiders attacked following termination. In fact a whopping fifty-nine per cent of the insiders were former employees, fifty-seven per cent did not have authorized system access at the time of the attack, and sixty-four per cent used remote access.
Impact & Maturity assessment
We estimate the Impact Level at 2, our intermediate level, based on the dramatic effect this can have. However, we don't assign our highest level to this, as correct procedures exist that could resolve the problem immediately. The Maturity Level is 3, as this is a binary situation (either correct procedures are followed or they are not).
Timescale
We believe that the impact is probably close to its peak at this time. Drives for professionalization and sysadmin performance should be having an effect even now, and business rules and information assurance guidelines will help reduce the effects of this problem.
