This week I have been discussing user and systems monitoring with a client’s senior management team. Their immediate response was that they did not want to spy on their staff as they trusted them – and to be fair they are appear to be a friendly supportive organisation. However my point was that our Security Operations Centre service and IT Monitoring software is not spying, it is a tool that supports their team and shows stakeholders that the board cares about the data and information it holds.
How does it support their team? This story in the news today shows how organisations need the tools to prove they did not do something:
TransUnion denies it was hacked, links leaked data to 3rd party (bleepingcomputer.com)
It is my experience that many cyber investigations involve a level of demonstrating that an individual or company did not do something – this is what our tools and my forensic skills can deliver.
But identity is important
However for this to work you must know who is actually signing in. Have a read of this article I wrote on the importance of not sharing passwords:
Back to Basics – Password Sharing
I will put a page up next week for the whole of that password mini-series next week, the final part is being published today.
Clive Catton MSc (Cyber Security) – by-line and other articles