InfoSec Institute Resources - "Working From Home" - The Next Insider Threat_

4/14/13 InfoSec Institute Resources – “Working from Home” – The next insider threat?

resources.infosecinstitute.com/working-from-home-the-next-insider-threat/ 1/6

InfoSec Institute

InfoSec Resources

Intense School

GGeenneerraall SSeeccuurriittyy

“Working from Home” – The next insider threat? 22

JJeessssee VVaalleennttiinn Maarrcchh 2211,, 22001133

Even with all the technical advances of current human society, there are unfortunately certain areas where we

have not progressed as a people but instead –REGRESSED. The proliferation of educational material and the

availability of these resources have not been able to remedy very basic human problems, among which is

dishonesty. This has created problems from many different perspectives. For example, if you’re a creative

individual then your concern is that a “dishonest” party may steal your ideas.If you’re a company that offers a

work from home benefit, then your concern is that “dishonest” employees may be stealing your money by not

properly using the time for which they’re being paid.If you factor in to this equationthe ever-vanishing perimeter

and the connect-from anywhere mentality – then working from home has just become the next insider threat

vector.This article will discuss certain suggestions that can help managers and companies offering this benefit to

address this issue using a layered approach.This will help toensure that they are staying competitive while still

being able to offer this benefit to honest,hardworking employees.

So, where do we start?

D e fining the Re lationship B e tw e e n Em ploye r and Em ploye e

Since employment is an official agreement of certain terms between an individual and their employer, it must

be considered a “business deal” or contract. Before accepting any business deals, both parties need to

understand what they require from each other. From the perspective of the employer, hiring an individual is an

investment in the current talent and future abilities and that thisperson can develop to further the interests of

the employer.

The employee in turn considers accepting the position as an investment in time and agrees to perform a certain

function to the best of their ability for an agreed upon price. This “price”is manifested in the form of a salary,

benefits and other perks possibly made available by the employer.One of these additional perks is:

Cre ating the Right Culture

Many companies have also decided on certain strategies to attract and retain talent within their organizations to

protect these investments in staff. Among these strategies is creating a corporate culture that gives an employee

direction but allows enough latitude to permit them to fulfill their responsibilities according to their own

education and experience.

Working in this type of environment can be very gratifying, as the employee develops a sense of purpose in the

job they are accomplishing and is motivated to produce quality work. In creating this type of culture, some

organizations have opted to allow the work from home benefit and permit their employees to stay productive

while in the comfort of their own homes. This allows the employer to experience a cost savings by perhaps not

requiring as much real estate, utilities or Internet circuits to run daily operations.

Want to learn more?? The InfoSec Institute CISSP Training course trains and

prepares you to pass the premier security certification, the CISSP. Professionals

that hold the CISSP have demonstrated that they have deep knowledge of all 10

Common Body of Knowledge Domains, and have the necessary skills to provide

leadership in the creation and operational duties of enterprise wide information

security programs.

HHOOMEE CCAATTEEGGOORRIIEESS IITT CCEERRTTIIFFIICCAATTIIOONNSS CCOONNTTRRIIBBUUTTOORRSS CCOONNTTAACCTT UUSS SSTTUUDDEENNTT PPAAPPEERRSS SSeeaarrcchh

OTHEER ARTIICCLLEESS BY JJEESSSSEE VALLEENTIIN

Building an Incident Response Team and IR Process

Anatomy of a Risk Assessment

Protecting yourself from Social Engineering Attacks

LLIIKEE USS ON FFACCEEBOOK ==== SSTAY UP TO DATEE

InfoSec Institute

Like You like this.

AWARD WIINNIING TRAIINIING FFROM IINFFOSSEECC

Be the first to hear of new free tutorials, training videos,

product demos, and more. We'll deliver the best of our free

resources to you each month, sign up here:

Email

a@hotmail.com

Yes, Send My Free Training & Tutorials

Want to l earn m ore?? The InfoSec Institute CISSP

Training course trains and prepares y ou to pass the

premier security certification, the CISSP. Professionals that

hold the CISSP have demonstrated that

...