What do Executives and Information Technologists have in common? They are among the worst when it comes to maintaining hardened systems because they often feel that they are the exception to the rules. Executives can be difficult because they may believe that the organization should accommodate them (and not the other way around) and that security should not get in the way of business. IT people can be difficult because they may believe they know what they are doing and that they need access to tools and software not used by the rest of the organization. Both of these positions are generally true in most organizations; however, that does not mean that they should be allowed to become the weakest link in the organization. Unfortunately, these two groups are also the top targets for hackers because IT people have the greatest access to an organization's systems and executives have access to much of the most valuable information an organization has. Problems associated with these users include a proliferation of non-standard software (which can become a patching nightmare) and non-standard (and in some cases unauthorized) workarounds to security measures. As a result, additional vulnerabilities can appear in an otherwise secure system.
In the IT world, some might refer to this as a Layer 8 problem, referring to the Human Layer associated with the people that operate the systems.
Discuss some of the threats posed by these "special" users and approaches that you might suggest using to minimize them. Keep in mind that you will probably have to accommodate these users to some extent; just saying "No" is probably not a viable option. Nevertheless, you will still have to harden the system. Approaches could take the form of communicating risks to improve compliance, isolating or mitigating the impact of these users' activities, or developing systems for managing "one-off" requests.