Proposed NIST Guidelines Call for Continuous Monitoring to Control Risk

by Christine Meyers on February 2, 2012

Last week the National Institute of Standards and Technology (NIST) released proposed guidelines that call for organizations to develop capabilities for continuous monitoring and enterprise-wide tracking of information, in order to better measure the effectiveness of security policies and calculate the risk of fraudulent activity.

This is a forward-thinking approach by NIST, and we believe this is a step in the right direction.

Securing information management systems is essential for the wellbeing of companies. The value of information within today’s organizations is unprecedented, and companies should prioritize investments in ways to better protect and manage their information from insider attacks and fraud. Unfortunately, due to vulnerabilities in organizations’ infrastructure, organizations average approximately 53 employee-related incidents of fraud annually, which translates to approximately one incident per week.

From data storage to file transfers, many companies have distributed information systems that control many different tasks related to content management; companies grant specific permissions to employees to access the information in these repositories. While nearly all employees will access this information in order to complete their work, there is a risk that someone could have more devious intentions. A single case of insider abuse can have detrimental consequences.

The NIST guidelines call for organizations to adopt a “trust-but-verify” approach to information security, granting access to employees while monitoring for suspicious activity. Continuous monitoring provides a full picture of an organization’s security posture, measures the extent to which the organization is threatened by a potential circumstance or event, and enables the organization to make informed decisions to address risk.

Companies can start securing their information now by taking three actions:

1. Audit your company’s current information management infrastructure to identify where information is being accessed, processed and stored. Because many companies have information spread across multiple systems, it is essential for you to understand all the access points and how different solutions are securing (or not securing) your organization’s important content and data.

2. Understand the privacy and security policies that are currently in place at your organization and identify where improvements can be made with the NIST guidance. By understanding the policies your organization currently has established and comparing that to the NIST guidance, you can identify areas where your information management systems could be more secure and your information better protected against insider fraud.

3. Compare information management systems that can help consolidate the monitoring and auditing practices outlined by NIST. Attachmate’s Luminet solution can help companies stop fraud and misuse of important information, achieve compliance with industry regulations without additional coding, and more easily create accurate, detailed audits of network access.

It is important for organizations to trust the people they hire, but it is also essential that organizations take steps to protect themselves from the possibility of an insider attack on information. Be sure to check out the proposed NIST guidelines today to protect your information tomorrow.

-Christine Meyers, senior product marketing manager, Attachmate Luminet