CERT-SEI
CERT Insider Threat Blog

Common Sense Guide to Mitigating Insider Threats - Best Practice 7 (of 19)

By CERT Insider Threat Center on 01/16/2013 | Permalink

Hi, this is Chris King, Member of the Technical Staff for the CERT Program, with the seventh of 19 blog posts that describe the best practices fully documented in the fourth edition of the Common Sense Guide to Mitigating Insider Threats.

The CERT Program announced the public release of the fourth edition of the Common Sense Guide to Mitigating Insider Threats on December 12, 2012. The guide describes 19 practices that organizations should implement across the enterprise to mitigate (prevent, detect, and respond to) insider threats, as well as case studies of organizations that failed to do so. The seventh of the 19 best practices follows.

Practice 7: Implement strict password and account management policies and practices.

Account management is a critical but less glamorous part of security management that is important to reducing an insider’s ability to use the organization’s systems for illicit purposes. In the cases we’ve analyzed, a number of insiders took advantage of weak account management policies to gain unauthorized access to organizational systems.

It is important to restrict access to the organization’s critical assets through account management and access control techniques. Restricting access to only individuals who need access based on their job responsibilities helps to attribute employee actions to assets, which is invaluable in the event of an incident.

Organizations should minimize the use of shared accounts by either implementing a shared account password management tool or by simply removing them from the system.  Employees should be encouraged to report any attempts of unauthorized account access to the organization’s help desk or security team.

Account management policies should be clearly written and include termination procedures, account audit procedures, and traceability of activity.  The policies should apply to all contractors, subcontractors, and other trusted business partners who have access to the organization’s information systems or networks.

Refer to the complete fourth edition of the Common Sense Guide to Mitigating Insider Threats for a comprehensive understanding of the issues and recommendations mentioned.

Check back in a few days to read about best practice 8, Enforce separation of duties and least privilege, or subscribe to a feed of CERT Program blogs to be alerted when a new post is available.

If you have questions or want to share experiences you've had with insider threats, send email to insider-threat-feedback@cert.org.

Topics: Best Practices , Insider Threat