The threat of insiders to data should not be underestimated. If an entity is to be successful in preventing security breaches, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Supporting this perspective is the realization that persons with high technical skills and organizational process knowledge pose the greatest threat to an entity. Coupled with inadequate controls, persons with access to an entity’s internal network could potentially disrupt or corrupt vital services as well as gain access to unauthorized confidential information. In addition, misappropriation of assets, though often not material to the financial statements, can nonetheless result in substantial losses if an employee has the Incentive/Pressure, Opportunity and/or Attitude/Rationalization to commit an illegal act.
“View Part I of the Effective Employment Practices for Protecting IT series here“