[ISN] CIA’s Ex-CISO on Preventing Leaks

http://www.bankinfosecurity.com/interviews/cias-ex-ciso-on-preventing-leaks-i-1992

By Eric Chabrow
Bank Info Security
June 21, 2013

Robert Bigman, former CISO at the CIA, says many government agencies and other organizations have yet to take adequate steps to prevent rogue systems administrators from accessing sensitive information on systems they manage.

“If you don’t have vigorous security oversight, you tend to fall into the trap like a lot of organizations do, that we will not have a problem and everything will work out fine,” Bigman says in an interview with Information Security Media Group. He retired last year after 15 years as the chief information security officer at the Central Intelligence Agency.

In the interview, Bigman shies away from discussing specifics about the case of Edward Snowden, the former National Security Agency systems administrator who leaked information regarding two classified intelligence-gathering programs despite his top-secret security clearance [see IT Tools Available to Stop NSA-Type Leaks]. But he offers advice on how organizations can pull in the reins on systems administrators who have wide access to many systems and data.

Too often, Bigman says, organizations focus on pumping up services by increasing the number of systems administrators to assure round-the-clock coverage.

Testifying at a House Intelligence Committee hearing on June 18, NSA Director Keith Alexander said the number of systems administrators at the agency has grown to about 1,000, and its leaders are mulling reducing that number to help improve security [see NSA Outlines Steps to Reduce Leaks.]

[…]