Archive: 2017-08

The 17th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 17: Institutionalize System Change Controls. Organizations must change their systems and applications in a consistent, formalized manner. Controls must be put into place to ensure that assets, digital or otherwise, are protected from manipulations by an insider. In this post, I discuss case studies involving change control and a describe how to build a roadmap for implementing a change management system. Lastly, I discuss tools that can help you develop change management policies and procedures, and some quick gains and challenges to implementing change controls.

The 16th practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 16: Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities. In this post, I discuss the importance of including provisions for data access control and monitoring in agreements with cloud service providers.