The biggest threat to information control is internal

IT security folks often say that, while they can spend time protecting systems from external attacks, the biggest risk to a company’s information security is from the inside, from people who get spear-phished or who gleefully and expectantly plug in the USB stick labeled “Executive Comp details” they found in the company garage, only to upload malware or a virus to the system.

Or Edward Snowden, a systems analyst. Or Pfc Bradley Manning.

And most internal fraud is discovered because of a disappointed mistress or ex-wife/husband.

What made me think of that?

“J.P. Morgan Insider Aids U.S. Probe,” Wall Street Journal, October 1, 2013, C1, http://on.wsj.com/GzM0Hh. The author (and cooperating witness) wrote an email pointing out to her superiors that the value of mortgage securities was vastly overstated versus what the company subsequently led investors to believe.

While she may have stunted her career growth at JPM, she may have a rewarding new career on the speaking circuit. Remember Sherron Watkins from Enron?

If you’re doing bad stuff, don’t assume everyone will be on board.


Filed under Internal controls, Policy, Requirements, Risk, Security, Value
