Is Microsoft ignoring the biggest source of security threats?
We've seen it in several years' worth of FBI surveys: Most security incidents are "inside jobs" perpetrated by employees, former employees, contractors, vendors and others with inside knowledge, privileged access or a trusted relationship with other insiders.
What do the insiders do that constitutes a security incident? They steal, alter or corrupt information assets. In other words, they take source code, customer lists, plans or specifications; they deface Web sites; they defraud the organization or embezzle funds; and they damage critical-information systems, which consequently threaten ongoing operations, at least for a time.
By Peter H. Gregory at Computerworld.
[ Read more ]
- Review: HackNotes Windows Security Portable Reference (13 October 2003)