Sound Security Practices
Lack of training is not the only source of threats emanating from the users of a system. The estimated share of system penetrations stemming from fully authorized users who abuse their access privileges to perform unauthorized functions has varied over the past decade from 50 percent to 80 percent. Although these estimates fall within a considerably wide range, the bottom line is that the “insider threat” should not be ignored.
The following areas are points where systems may be vulnerable to attacks and should receive extra attention:
Controls over data handling. Controls need to be implemented for every form of data, not just the data that reside on the computer systems. These controls need to be documented and enforced, ...