How Would You Know?

There is a case running in the US at present where a student hacked into his school’s database and changed his grades. This could be considered as malicious data corruption! The allegations arose when some cross checking showed up some anomalies which led to an investigation. The question is, would you know if something similar was going on in your organization?

Data loss is easy to spot if it is a laptop that has gone missing - it was here one minute, now it’s gone. Data skimming is tough to spot, i.e. where data is being slowly an steadily extracted, for example over a wireless network - but it does get eventually found out, however, it sometimes takes years. But what about malicious data corruption, how would you know? In this case it was relatively simple to spot once the cross check event occurred - but what if there hadn’t been the need for a cross check? what if someone had broken in to a system and upped a credit note? The automated cheque system would probably print out the rebate without hesitation - providing it wasn’t over a specific amount.

Audit trails would provide some comeback (should a cross check occur) but the operation to alter credit notes is probably a valid function, so how would you know which was ‘real’ and which was not?

June 24, 2008 | Filed Under Insider, Reputation, security 

comments

One Response to “How Would You Know?”

  1. Daniel Craig on June 30th, 2008

    Hi there, I was looking around for a while searching for wireless audit and I happened upon this site and your post regarding ould You Know? : View From The Bunker, I will definitely this to my wireless audit bookmarks!

Leave a Reply