Passport breach: Let’s chalk one up for monitoring.
The Washington Post reported that the illegal viewing, and subsequent disclosure, of passport information from Barak Obama, Hillary Clinton and John McCain was caught by a monitoring system.
This is precisely the type of activity that monitoring can detect, and it can be used very effectively for alerting to suspicious behavior regardless of the user.
In early 2005 I was invited by some people at DHS
to pay a visit a couple of congressmen and senators to discuss trends
in information privacy & security. I later
discovered the reason for the invite was one of the Republican staffers
had been reading a couple of the Democratic rivals files and documents. It turns out that both parties shared a common file server & database that had little to no security beyond access control. The staffer was fired and escorted out by the Secret Service. I
advocated database monitoring to detect this type of activity in the
future, coupled with assessment as a preventative control.
It appears that the state department already has something like this in place so ‘Bravo’! And they, like most public companies, only deployed after a breach had occurred.
Comments
You can follow this conversation by subscribing to the comment feed for this post.