In most organisations, there will be watchers who will watch out for insider threats from the employees, e.g., an Insider Threat Engineer.

But who will watch the watchers themselves in the event they turn rogue? What security controls exist to guard against the watchers?

schroeder
Nathan Aw
  • What security controls would they not be subject to? Why don't the existing controls work for them? – schroeder Jan 19 '22 at 16:16
  • Not trolling: Other watchers? Watchers should be watching each other too. – Soufiane Tahiri Jan 19 '22 at 16:16
  • The insider threat engineers will have an intimate understanding of the mechanisms of monitoring that everyone, including themselves, is subjected to. Though they will be subjected to the very same controls, they can circumvent them better than others through intimate knowledge. Also, who will monitor the watchers? Another watcher? – Nathan Aw Jan 19 '22 at 16:50

1 Answer

Audits and data integrity controls.

The tools and data used to identify unwanted behaviour apply to everyone. A rogue analyst would have to alter data in order to avoid detection. But logging and alerting systems have numerous controls to prevent and alert on data modification.

These controls are the same ones that prevent malicious outsiders with unauthorised access to security systems from 'covering their tracks'.

It's not rocket science and it's nothing special. Just basic integrity checking.

schroeder
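One way the integrity checking described in the answer can work, as an added example (not from the original post or any particular product): each log record is chained to the previous one with an HMAC, and the chain head is anchored somewhere the analyst cannot write. The key, function names and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # fixed starting value for the chain

def seal(key, prev_mac, event):
    """MAC over the previous record's MAC plus this event's canonical JSON."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def append(key, log, event):
    """Append an event and return the new chain head (to be stored off-system)."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": seal(key, prev, event)})
    return log[-1]["mac"]

def verify(key, log, anchored_head):
    """Return None if the log is intact, else a description of the first problem."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], seal(key, prev, rec["event"])):
            return f"record {i} altered, removed or reordered"
        prev = rec["mac"]
    if not hmac.compare_digest(prev, anchored_head):
        return "log truncated or extended since the head was anchored"
    return None

def demo():
    key = b"constructed-demo-key"  # assumption: held by the audit function only
    log = []
    events = [  # constructed sample events
        {"ts": "2022-01-19T16:00:00Z", "user": "analyst1", "action": "login"},
        {"ts": "2022-01-19T16:05:00Z", "user": "analyst1", "action": "export_case_data"},
        {"ts": "2022-01-19T16:09:00Z", "user": "analyst1", "action": "logout"},
    ]
    for e in events:
        head = append(key, log, e)
    results = {"intact": verify(key, log, head)}
    edited = json.loads(json.dumps(log))
    edited[1]["event"]["action"] = "view_dashboard"   # rewrite an entry
    results["edited"] = verify(key, edited, head)
    results["deleted"] = verify(key, log[:1] + log[2:], head)  # drop an entry
    results["truncated"] = verify(key, log[:2], head)          # cut the tail
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome or "ok")
```

The check only constrains a watcher if the MAC key and the anchored head are held by someone other than the analysts who can write to the log store.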