roy_batty
asked on
Setting up a honeypot to test a staff member for trustworthiness
I have been tasked with setting up a honeypot to test whether a particular member of staff is stealing company data. This staff member has been warned before and has admitted he has stolen data in the past.
The manager has given him a second chance but still feels he is taking advantage of his position to access and make copies of the data for himself.
He has asked me to set up a file containing fake information and then he wants me to monitor said file for suspicious activity.
Does anyone have any advice on how I can technically achieve this?
ASKER
Thanks
Thank you Roy
Of course, we are not talking about public shaming and preaching, just proper usage, but the annual regime for the acceptable usage policy is an essential reminder at wide, and a specific role/involvement of staff in a job function for a project needs to have another AUP catered to it - for the case of awareness of abuses of special privileges in such involvement. An insider threat programme should be planned, rather than a one-off targeting of employees one by one on an ad hoc or demand basis.
Privacy protection needs to stay on course with incident handling so that the company's reputation will not be at stake. There are cases where company IP is leaked via staff inadvertently, and cases where staff are simply too reckless and are spied on by an adversary. Eventually the evidence trail leading to the chain of events needs to be investigated, and those monitoring efforts may rather be collective than a single one-off deployment. It needs to be planned out carefully and supported by mgmt. - safeguard yourself from unnecessary accusations too over the action to be taken. Chain of custody is a need and not a want.
Instead of "spying", maybe think instead of reviewing the staff member's usage and privileges, or a change of role function if he remains in the company, for a period of "restriction" to prove the staff member's integrity before admitting him into any strategic involvement. Otherwise, there should be strict messaging, such as that abuses and unauthorized actions should not be tolerated, and this needs to be a strong message to everyone - no second is (and will ever be) given - this is not fear instilling but part of discipline and enforcement.