jdc1944


Protecting Systems from Malicious Users

Our company hosts most of our systems internally, some of them being critical systems and as such they have their own support teams just to look after them etc.  One of the things we are considering at the moment to reduce costs is to outsource some of these systems to a third party.  As a result, these support teams will inevitably have to be made redundant.

The systems that concern me the most are our financial systems (SAP).  These support staff obviously have an excellent understanding of the system, no doubt better than anyone else in the company.  My concern is that these support staff will become disgruntled if they catch wind of any ideas (whether we go through with them or not but especially if we do) and could potentially, using their knowledge, either commit fraud or malicious acts against the system or data.

How can we as a company protect the system and its data against such acts by staff who might be adamant on causing issues?  Perhaps we can’t do this 100% but would at least need to be able to identify it after the event.

What I plan on doing firstly is reviewing system access to ensure that everyone’s access is based on the principle of least privilege.  Then ensuring that audit logs are capturing everything and that these logs are regularly reviewed to identify any suspicious activity.

Is there anything else we can do?
SOLUTION
btan

This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Oh, and find an excuse for it, because everybody has to know what you are doing. Again, you need top level support for this. Invent imaginary investors who need due diligence, or blame it on a new regulation.
btan

To add, make sure the audit trail is verified, as it will not make sense just to turn on audit without oversight and action taken. You will need to tune the audit report to the severity and risk score if you want to make sure of any anomalies to highlight to the management in charge.

There is the SIEM solution, as shared earlier, that aggregates security logs from the various security device sources to surface actionable items for the incident and IT support staff.
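An added example, not part of the thread or any poster's code: one way to tune an audit report by severity and risk score so that only the anomalies worth escalating reach management. The event records, action names, account names, weights and business hours are all constructed assumptions, not SAP log output.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records (not real SAP log output): time, user, action.
SAMPLE_EVENTS = [
    ("2024-03-04T10:15:00", "support_a", "report_run"),
    ("2024-03-04T23:40:00", "support_a", "vendor_bank_change"),
    ("2024-03-04T23:42:00", "support_a", "audit_config_change"),
    ("2024-03-05T09:05:00", "clerk_b", "vendor_bank_change"),
    ("2024-03-05T14:30:00", "support_c", "role_assignment"),
    ("2024-03-05T11:00:00", "clerk_b", "report_run"),
]

# Assumed severity weights per action category; tune to your own risk register.
SEVERITY = {"report_run": 1, "role_assignment": 5,
            "vendor_bank_change": 6, "audit_config_change": 9}
PRIVILEGED = {"support_a", "support_c"}   # hypothetical accounts with elevated access
BUSINESS_HOURS = range(8, 18)             # assumed 08:00-17:59 local time


def score_event(timestamp, user, action):
    """Risk score = base severity, doubled off-hours, +50% for privileged users."""
    score = float(SEVERITY.get(action, 3))  # unknown actions get a middle weight
    if datetime.fromisoformat(timestamp).hour not in BUSINESS_HOURS:
        score *= 2
    if user in PRIVILEGED:
        score *= 1.5
    return score


def audit_report(events, event_threshold=8.0):
    """Return (flagged events sorted by score, highest first; per-user totals)."""
    flagged, totals = [], defaultdict(float)
    for ts, user, action in events:
        s = score_event(ts, user, action)
        totals[user] += s
        if s >= event_threshold:
            flagged.append((s, ts, user, action))
    flagged.sort(key=lambda row: row[0], reverse=True)
    return flagged, dict(totals)


if __name__ == "__main__":
    flagged, totals = audit_report(SAMPLE_EVENTS)
    for s, ts, user, action in flagged:
        print(f"{s:5.1f}  {ts}  {user:10s}  {action}")
    print("per-user totals:", totals)
```

The per-user totals catch an account whose individual events each stay below the threshold but add up over the review period.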