Archive for April, 2006

Infrastructure Components to Catch The Rogue Employee

Monday, April 10th, 2006

A Computerworld story reports that the employee was caught only after one of the owners of a property under foreclosure was called by the employee and the property owner subsequently complained. The Computerworld story is careful to note that “no actual hacking” took place. But more importantly, there was no internal business process or IT infrastructure in place to detect the “wrongful” accesses. The good news is that the actions taken by the employee were clearly against Progressive’s published information security policies and the employee was quickly fired.

The Computerworld article correctly points out, in my opinion, that this is an example of the rising problem of insider threats from rogue employees.


The New Frontier of Privacy Management: Policy Based Auditing

Monday, April 3rd, 2006

No technology can replace a culture of respect for privacy. Arthur Riel, a former IT manager at Morgan Stanley, found out the hard way. Information Week has done a good job covering the story. It seems that Mr. Riel was in charge of putting in place an e-mail archiving and searching solution at Morgan Stanley, ironically enough as a result of SOX findings that indicated that the company needed to do a better job of managing its e-mail.
