By Avi Rosenthal
December 10, 2016 02:26 PM EST
Senior Bankers received a digital card which should be passed prior to executing operations requiring a higher level of Authorization.
Other bankers have a lower Authorization level. They did not receive these cards. They are prohibited from executing operations that require high-level authorization.
The Computerized Branch systems were built according to the defined Authorization levels. However, Senior Bankers were busy. When another banker asked a senior banker to perform an operation, very often the senior banker gave him his digital card instead of executing the operation, and asked him to execute the operation on behalf of the Senior and Busy Banker.
The real Authorization system was different from the formally analyzed, designed and developed system.
The real system authorized every banker to execute most operations.
The formal system limited Authorization of non-Senior Bankers.
This kind of dissonance between implemented systems and real-life systems is very common in other verticals as well as in other banks.
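The gap described above can be measured from branch audit data by comparing the banker logged in at a terminal with the owner of the card that was passed. The following is an added example, not code from the original article; the record layout, banker names, card ids and operation names are constructed assumptions.

```python
from collections import defaultdict

# Constructed card registry: card id -> Senior Banker the card was issued to.
CARD_OWNER = {"card-01": "dana", "card-02": "eli"}

# Constructed audit records:
# (minute of day, terminal, logged-in banker, card passed, operation)
AUDIT = [
    (540, "T1", "dana", "card-01", "large_transfer"),
    (552, "T3", "noam", "card-01", "large_transfer"),
    (553, "T1", "dana", "card-01", "limit_override"),
    (601, "T4", "rina", "card-02", "limit_override"),
    (615, "T3", "noam", "card-02", "large_transfer"),
    (700, "T2", "eli", "card-02", "large_transfer"),
]

def borrowed_card_uses(audit, owners):
    """Records where the card passed was not issued to the logged-in banker."""
    return [r for r in audit if owners.get(r[3]) != r[2]]

def effective_authorization(audit):
    """The real system: who actually executed each high-level operation."""
    real = defaultdict(set)
    for _, _, banker, _, operation in audit:
        real[operation].add(banker)
    return dict(real)

def informally_authorized(audit, owners):
    """Bankers who executed high-level operations without holding a card."""
    formal = set(owners.values())
    return {r[2] for r in audit} - formal

def card_on_two_terminals(audit, window=5):
    """Cards passed at two different terminals within `window` minutes."""
    last_seen, hits = {}, set()
    for minute, terminal, _, card, _ in sorted(audit):
        if card in last_seen:
            prev_minute, prev_terminal = last_seen[card]
            if prev_terminal != terminal and minute - prev_minute <= window:
                hits.add(card)
        last_seen[card] = (minute, terminal)
    return hits

if __name__ == "__main__":
    for record in borrowed_card_uses(AUDIT, CARD_OWNER):
        print("card used by non-owner:", record)
    print("real authorization:", effective_authorization(AUDIT))
    print("informally authorized:", informally_authorized(AUDIT, CARD_OWNER))
    print("card moving between terminals:", card_on_two_terminals(AUDIT))
```
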
The most confidential Business data and Reports
It includes data about Strategy, new R&D and new Products, Plans, and reports and data summarizing overall Business Performance.
If such data leaks, competitors could gain, and the company's Business Results could be worse than the Results it would have achieved had the data not leaked.
Naturally, only Top Management team members are authorized to access this data.
However, Top Managers are even busier than Senior Bankers.
They will do exactly what the Senior Bankers depicted in the previous section did:
They will give authorization to their Secretaries.
The real Authorization system is again different from the planned Authorization system.
Are the over authorized secretaries a bigger Security threat than the Top Management?
A Top Manager has a lot to gain from not breaching Security, that is, from not exposing or selling confidential data.
His salary is high and he may receive a high bonus as well.
If he sells confidential data to a competitor, he may lose everything: no more high salary and high bonus, and more than this, no other company will ever employ him as a manager.
The probability that a CEO or another top manager will sell the most important confidential data to a competitor is extremely low.
It is reasonable to assume that he is aware of the potential risk of unintentionally exposing such data to people who are not authorized to access it, and that he avoids that risk.
A Secretary selling confidential data can lose less and win more than a Manager.
Her salary is far from being a high salary. She does not expect, and probably will never get, a high bonus.
She may operate a little shop or other type of small business instead of working as a secretary.
The probability that she will breach Security and intentionally deliver confidential data is low, but it is significantly higher than the probability that a Top Manager will do it.
As far as exposing a printed report unintentionally is concerned, I am not so sure that the probability that a Manager's Secretary will do it is low.
It is all about Security Awareness. The Manager should be more aware, and the Security team will probably remind him periodically of the Security requirements because of the high formal authorization granted to him.