18 Risks in an After-Hours Walkthrough
Monday, 16 August 2010

By Rebecca Herold

At night things seem very different. I enjoy going outside after the sun has completely set. You hear sounds you never hear in the daytime. You see things you never see or notice during daylight. It's not much different within the workplace.

In 1990, when I was an internal auditor, I was tasked with determining the overall information security posture of the company. One of the things that I decided would be a good thing to do was to go to the offices Saturday and Sunday evening when there would be the fewest personnel around. I wanted to look at their work areas to see what type of information security risks I could find that were a result of the work habits of the personnel. A computer security investigation for the human realm.

Oh, boy; it was an eye-opening experience! I found so many vulnerabilities it filled pages. It became a significant basis for what would become the organization's first set of information security policies. Over the years I have refined the process quite a bit.

Doing after-hours walkthroughs is a great way for all organizations to get out where their personnel work and see what kinds of risks exist to information when no one is around. They can usually be done during the work-week within specific business areas in around two to four hours.

Partnering with the physical security department and having them come along greatly increases both the value of the time invested and the security value: physical security risks are identified at the same time, and the information security folks get a chance to raise information security awareness for the physical security folks, and vice versa.

Some people have said to me over the years, "But the risks are so little at night! No one is around, with the exception of the security guards, cleaning staff, maintenance workers and employees who may be working late." Yes, these folks very well COULD be in the area. I have seen many instances of security guards doing bad things with the information they have found, along with the cleaning staff, maintenance workers and employees. When you think about it this is a very large number of people, isn't it?

What are the information security and privacy vulnerabilities you are likely to see? The possibilities are endless. Here are 18 common vulnerabilities, in no particular order, to get you started in thinking about the possibilities. Add to this list and create a walkthrough checklist based upon it to log what you find.



 
Copyright © 2007-2012 CIOZones. All Rights Reserved. CIOZone is a property of PSN, Inc.