Mitigating Inside Threats with Controls - Exam SY0-601: CompTIA Security+ | [Provider Name]

Best Practices for Addressing Insider Threats - Exam SY0-601: CompTIA Security+


Question

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company's public-facing website in the DMZ.

Joe is using steganography to hide stolen data.

Which of the following controls can be implemented to mitigate this type of inside threat?

Answers

Explanations


B.

The scenario describes an inside threat, where an employee, Joe, is misusing his access to the company's systems to steal and hide data. To mitigate such risks, the organization can implement several controls, including:

A. Digital signatures: Digital signatures are used to verify the authenticity and integrity of electronic documents or software. However, a signature only proves who signed a file, and as the website administrator Joe can sign whatever he uploads, so signatures are not effective in detecting or preventing this insider threat. Thus, this control is not the best option in this scenario.

B. File integrity monitoring: File integrity monitoring (FIM) is a security measure that detects unauthorized changes to files or directories. FIM solutions can monitor the image files on the website and alert administrators to any unauthorized change. This would help in detecting the modifications Joe has been making. Therefore, FIM is a relevant control for mitigating the risk posed by insider threats.
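To show concretely what FIM does in this scenario, here is an added example (not from the exam page or any vendor product): a minimal integrity monitor that records a SHA-256 baseline of a web root and later reports files that were modified, added or removed. The directory layout, file names and contents are constructed for the demonstration; the `demo()` function swaps one image after the baseline is taken, exactly the kind of change Joe is making.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (relative POSIX path) under root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(root, baseline):
    """Re-hash the tree and return what changed since the baseline was taken.

    A replaced image is caught by content hash even if its size and timestamp
    were made to look identical, because the digest depends only on the bytes.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }


def demo():
    """Constructed scenario: an approved web root whose logo is swapped after baselining."""
    with tempfile.TemporaryDirectory() as d:
        web = Path(d)
        (web / "images").mkdir()
        (web / "index.html").write_bytes(b"<html><body>Constructed site</body></html>")
        (web / "images" / "logo.png").write_bytes(b"\x89PNG constructed original image bytes")

        # Baseline taken from the approved (change-managed) content.
        baseline = build_baseline(web)

        # Unauthorized change: the image is replaced and an extra file appears.
        (web / "images" / "logo.png").write_bytes(b"\x89PNG constructed replacement bytes")
        (web / "images" / "extra.png").write_bytes(b"\x89PNG constructed new file")

        return compare_to_baseline(web, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two practical points follow from the code. First, the baseline must be produced from content that went through the approval process, which is why the conclusion below pairs FIM with change management. Second, because Joe is an administrator on the web server, the baseline and the alerts have to be stored and evaluated somewhere he cannot edit (a separate monitoring host or read-only store); otherwise he could simply re-baseline after each swap.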

C. Access controls: Access controls limit users' privileges and permissions, thereby minimizing the risk of insider threats. In this scenario, access controls could prevent Joe from accessing and modifying image files in the DMZ. However, if Joe has legitimate access to the files, access controls alone may not be sufficient.

D. Change management: Change management refers to a set of processes and procedures for controlling changes to systems and applications. A well-designed change management process can prevent unauthorized changes, including those made by insiders. In this scenario, change management could prevent Joe from making unauthorized changes to the image files by requiring approval and oversight for all changes.

E. Stateful inspection firewall: Stateful inspection firewalls are designed to monitor network traffic and filter out unauthorized traffic. In this scenario, a stateful inspection firewall could prevent Joe from accessing the image files in the DMZ by blocking his traffic. However, this control may not be effective if Joe has legitimate access to the files.

In conclusion, the most effective control for mitigating the risk of insider threats in this scenario would be a combination of file integrity monitoring and change management. These controls can detect and prevent unauthorized changes to the image files and provide oversight and approval for all changes made to the website.