responses, make sure to identify at least one problem with the approach suggested on how to meet a security management goal.

Response baised on bellow post

                  byrodney

Identify and talk about at least one security management goal, then explain a difficulty in meeting that goal. Offer a way to meet that management goal. In your classmates’ responses, make sure to identify at least one problem with the approach suggested on how to meet a security management goal.

Security management goals can be a wide range of topics and are generally not defined and articulated well (1). The basic management goals of cybersecurity are confidentiality, integrity, and availability of systems and information (2). Even these basic goals are too broad for this particular discussion. We will look at one aspect of one of these goals. One of the goals under confidentiality is to improve the security involving the insider threat.

Confidentiality is controlling access to files and ensuring only the right people have access to the right information with the correct permissions (3). This makes the insider threat challenging because the users must have access to the systems and files that are required to do their jobs and since they have some access, it makes it easier for the insider to circumvent security controls without raising any alarms. Another aspect that makes the insider threat challenging is that it involves human nature. You cannot place automated controls on people themselves like you can computers and systems.

There is no single mitigation to solve this problem. Like the security program itself there are several layers of controls that must be put into place in order to reduce the risk from an insider threat. These areas of mitigation include:

Hiring Practices

Policies and Procedures

Training

Culture

Automation

Mitigation starts before an employee begins work at the company. The Human Resource department should be doing background checks to include social media posts to understand the person that they are going to entrust with their data (4). Policies and procedures are another area of importance. These documents convey to employees what they can and cannot do on the network. They may also inform employees of reporting procedures if they find problems themselves. This also sets the legal framework to be able to remove an employee if needed (5). Training is needed to help employees understand these policies and procedures as well as why they are in place. Many times people are more likely to follow them if the understand the purpose (6). Policies and procedures can also give the system administrators ways to prevent these attack through procedures such as ensuring user accounts are disabled when an employee leaves the company to include changing all passwords that they may have had access too, especially administrator passwords (7).  Culture is often an overlooked area. If employees are happy in their jobs and feel like the company is taking care of them they are less likely to turn against it. Most insider attacks are caused by disgruntled employees. Automation can help monitor the networks to understand things that may be out of place or abnormal. This may provide the red flag that alerts someone to investigate a little more. It also provides audit logs that can be used to help trace information back to the source or show user accounts that shouldn’t be there. Constant reevaluation is needed of all of these areas to understand any changes and adjust the systems as needed (8).

There are many security management goals that must be met in order to provide security, guarding against the insider threat is just one of them. This forum is just a short overview of this threat so not every aspect has been covered.