{"id":3243,"date":"2014-09-18T14:24:50","date_gmt":"2014-09-18T19:24:50","guid":{"rendered":"http:\/\/www.carnaghan.com\/?p=3243"},"modified":"2019-07-22T17:25:38","modified_gmt":"2019-07-22T22:25:38","slug":"managing-access-to-information-resources","status":"publish","type":"post","link":"https:\/\/www.carnaghan.com\/managing-access-to-information-resources\/","title":{"rendered":"Managing Access to Information Resources"},"content":{"rendered":"

Security breaches caused by internal employees, consultants, business partners and any other individual or group of individuals that have privileged access to certain parts of the network remain one of the highest threats to digital assets.  In an article about the employee life cycle and identification of internal organizational threats, Conrad et al (2009) asserts that within an organization, the employee population is the source of potential malicious insiders.  According to Posy et al. (2012), 88% of all data breaches were caused by an employee of the company.  In addition to this, because of their ability to use their knowledge to exploit a weakness, and motivation to do the business harm, the disgruntled employee can be one of the most severe threats. Not all employees are out to cause malicious harm.  Internal security breaches can be either deliberate or non-deliberate due to negligence and \/ or lack of training or security awareness.<\/p>\n

So why are internal threats, breaches and destruction of digital assets such a problem?  Schnieder (2012) points to the main problem facing many organizations today.  On average, employees simply have access and privileges to systems they should be restricted from.  To get around this problem several things need to happen, which include, but are not necessarily limited to:<\/p>\n