IT Governance, Risk, and Compliance

May 13 2011   8:48PM GMT

Effective Employment Practices for Protecting IT – Part III

Robert Davis Robert Davis Profile: Robert Davis

The threat of insiders to data should not be underestimated. If an entity is to be successful in preventing security breaches, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Supporting this perspective is the realization that persons with high technical skills and organizational process knowledge pose the greatest threat to an entity. Coupled with inadequate controls, persons with access to an entity’s internal network could potentially disrupt or corrupt vital services as well as gain access to unauthorized confidential information. In addition, misappropriation of assets, though often not material to the financial statements, can nonetheless result in substantial losses if an employee has the Incentive/Pressure, Opportunity and/or Attitude/Rationalization to commit an illegal act.

View Part I of the Effective Employment Practices for Protecting IT series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: