InfoSec Institute Resources - "Working From Home" - The Next Insider Threat_
Enviado por fantasmagoria3 • 9 de Junio de 2013 • 3.090 Palabras (13 Páginas) • 581 Visitas
4/14/13 InfoSec Institute Resources – “Working from Home” – The next insider threat?
resources.infosecinstitute.com/working-from-home-the-next-insider-threat/ 1/6
InfoSec Institute
InfoSec Resources
Intense School
GGeenneerraall SSeeccuurriittyy
“Working from Home” – The next insider threat? 22
JJeessssee VVaalleennttiinn Maarrcchh 2211,, 22001133
Even with all the technical advances of current human society, there are unfortunately certain areas where we
have not progressed as a people but instead –REGRESSED. The proliferation of educational material and the
availability of these resources have not been able to remedy very basic human problems, among which is
dishonesty. This has created problems from many different perspectives. For example, if you’re a creative
individual then your concern is that a “dishonest” party may steal your ideas.If you’re a company that offers a
work from home benefit, then your concern is that “dishonest” employees may be stealing your money by not
properly using the time for which they’re being paid.If you factor in to this equationthe ever-vanishing perimeter
and the connect-from anywhere mentality – then working from home has just become the next insider threat
vector.This article will discuss certain suggestions that can help managers and companies offering this benefit to
address this issue using a layered approach.This will help toensure that they are staying competitive while still
being able to offer this benefit to honest,hardworking employees.
So, where do we start?
D e fining the Re lationship B e tw e e n Em ploye r and Em ploye e
Since employment is an official agreement of certain terms between an individual and their employer, it must
be considered a “business deal” or contract. Before accepting any business deals, both parties need to
understand what they require from each other. From the perspective of the employer, hiring an individual is an
investment in the current talent and future abilities and that thisperson can develop to further the interests of
the employer.
The employee in turn considers accepting the position as an investment in time and agrees to perform a certain
function to the best of their ability for an agreed upon price. This “price”is manifested in the form of a salary,
benefits and other perks possibly made available by the employer.One of these additional perks is:
Cre ating the Right Culture
Many companies have also decided on certain strategies to attract and retain talent within their organizations to
protect these investments in staff. Among these strategies is creating a corporate culture that gives an employee
direction but allows enough latitude to permit them to fulfill their responsibilities according to their own
education and experience.
Working in this type of environment can be very gratifying, as the employee develops a sense of purpose in the
job they are accomplishing and is motivated to produce quality work. In creating this type of culture, some
organizations have opted to allow the work from home benefit and permit their employees to stay productive
while in the comfort of their own homes. This allows the employer to experience a cost savings by perhaps not
requiring as much real estate, utilities or Internet circuits to run daily operations.
Want to learn more?? The InfoSec Institute CISSP Training course trains and
prepares you to pass the premier security certification, the CISSP. Professionals
that hold the CISSP have demonstrated that they have deep knowledge of all 10
Common Body of Knowledge Domains, and have the necessary skills to provide
leadership in the creation and operational duties of enterprise wide information
security programs.
HHOOMEE CCAATTEEGGOORRIIEESS IITT CCEERRTTIIFFIICCAATTIIOONNSS CCOONNTTRRIIBBUUTTOORRSS CCOONNTTAACCTT UUSS SSTTUUDDEENNTT PPAAPPEERRSS SSeeaarrcchh
OTHEER ARTIICCLLEESS BY JJEESSSSEE VALLEENTIIN
Building an Incident Response Team and IR Process
Anatomy of a Risk Assessment
Protecting yourself from Social Engineering Attacks
LLIIKEE USS ON FFACCEEBOOK ==== SSTAY UP TO DATEE
InfoSec Institute
Like You like this.
AWARD WIINNIING TRAIINIING FFROM IINFFOSSEECC
Be the first to hear of new free tutorials, training videos,
product demos, and more. We'll deliver the best of our free
resources to you each month, sign up here:
a@hotmail.com
Yes, Send My Free Training & Tutorials
Want to l earn m ore?? The InfoSec Institute CISSP
Training course trains and prepares y ou to pass the
premier security certification, the CISSP. Professionals that
hold the CISSP have demonstrated that they have deep
knowledge of all 10 Common Body of Knowledge Domains,
and have the necessary skills to provide leadership in the
creation and operational duties of enterprise wide
information security programs.
InfoSec Institute's proprietary CISSP certification courseware
materials are always up to date and synchronized with the
latest ISC2 exam objectives. Our industry leading course
curriculum combined with our award-winning CISSP training
provided by expert instructors delivers the platform you
need in order to pass the CISSP exam with flying colors.
Y ou wil l l eave the InfoS ec Institute CIS S P Boot
Cam p with the knowl edge and dom ain expertise to
successful l y pass the CIS S P exam the first tim e
y ou take it. Some benefits of the CISSP Boot Camp are:
Dual Certification - CISSP and ISSEP/ISSMP/ISSAP
We have cultivated a strong reputation for getting at the
secrets of the CISSP certification exam
Our materials are always updated with the latest
information on the exam objectives: This is NOT a
Common Body of Knowledge review-it is intense,
successful preparation for CISSP certification.
We focus on preparing you for the CISSP certification
exam through drill sessions, review of the entire
4/14/13 InfoSec Institute Resources – “Working from Home” – The next insider threat?
resources.infosecinstitute.com/working-from-home-the-next-insider-threat/ 2/6
InfoSec Institute's proprietary CISSP certification courseware materials are always
up to date and synchronized with the latest ISC2 exam objectives.
...