RealNews

Tales from the security trenches

Companies share their best practices for avoiding internal threats. “I’d tell you, but then I’d have to kill you.” Enterprises are notorious for refusing to talk about security measures they’re taking. But IT executives at two companies were willing to shed light on some of the ways they guard against internal threats. Here are some of their insights into best practices to control internal threats. Twelve years ago, a reporter from one of Britain’s national newspapers took a temp job at British Telecom, obtained a password for a secure account, and used it to steal — then threatened to publish — some of the company’s most closely guarded information. “We have telephone numbers for people like the queen and the prime minister,” explains Alec Cartwright, a lead designer at BT Exact, British Telecom’s internal IT organization. In the wake of that incident, the company developed internal procedures to protect against future inside threats, and has implemented those procedures using a range of technologies including IDS and firewalls. Today one key focus is protecting the company’s 1,200 Web-based applications, and making sure BT’s 120,000 employees have access to them only on a need-to-know basis. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.