QOTD - Ex-NSA Deputy Director on Managing Privileged Users

Snowden was a system administrator, so by design he had more privileges. Does that expose a weakness in the system? In hindsight, Snowden went far beyond where we would have expected him to go. The challenge is how do you extend trust to individuals that you’ve gone to great time and trouble to find, vet, and develop confidence in, and allow them to exercise ingenuity, innovation, and creativity? We need to up our game without crushing the 99.9 percent of people who have operated faithfully. We need to focus on behaviors—on the access to data in real time, instead of on defending perimeters, operating systems, or artifacts. You’re looking for a change in behavior that is an anomaly and warrants close examination. 
 -- John C. Inglis, former NSA Deputy Director 

Src: Ex-NSA Deputy Director Says the Agency Must Be “Biased” Towards Defense, Not Attack | MIT Technology Review

No comments: