Internal "White Hat" security team

chiefsman
We are looking at starting an internal "white hat" security team made up of some of our tech savvy employees.  These users would, from time to time, try to access folders they shouldn't have access to, try to make themselves domain admins, try to change other users' passwords, etc.  This would be in addition to their primary duties.  Does anyone know of something like this being done?  I know outside firms are available to do security testing, but it might be advantageous to have our own team.  Thanks for any feedback!
Distinguished Expert 2018

Commented:
Hi.
"Does anyone know of something like this being done?" - sure, why not. As long as those people try those "attacks" (if any) on test networks first, go ahead.
What do you want to know in particular?
I would make damned sure those employees are legit.  That's all you need is for one of them to find an exploit and not tell you about it.
chiefsman, Systems Administrator

Author

Commented:
We just want to make sure our network stays as secure as possible and were curious if anyone else did this.  Thanks!

Distinguished Expert 2018

Commented:
But what if anyone else does this, do you feel supported in doing this?
It surely depends on how you let them do this. If they run tools and they don't know how those work, they might disrupt work.
chiefsman, Systems Administrator

Author

Commented:
Yeah, we have a lot of questions.  We were just seeing if anyone else is doing this so we could get some tips on how they are doing it and if it has been successful.
Distinguished Expert 2018
Commented:
Thing is: what expertise would they need to find more than the admin? A lot. Unless the admin has failed to do his job properly, they will maybe find nothing at all. I'd vote for having your network pentested/audited by professionals.
btan, Exec Consultant
Distinguished Expert 2018

Commented:
You can still have an internal security team set up to do such review and security acceptance, but most of the time the objective is to ensure an independent assessment is done rather than having the same admin team do it. Who guards the guards? The competency and certified party vary, and compliance needs may not necessarily allow an internal team unless a strong justification is provided. There are penetration testing standards publicly available to kickstart. Note that review should not be audit unless that is the intent. Audit requires an independent party, so an internal team is mostly not engaged, though it helps in preparing the internal team.